Creating a single-sign on domain between HCL Portal and the remote search service | HCL Digital Experience
View the steps to create a single-sign on (SSO) domain between HCL Digital Experience and the remote search service. Set up remote search service by using EJB, since SOAP support for remote search services was deprecated with HCL Portal version 8.0.
Procedure
-
Export the LTPA keys from the HCL Portal server by completing the following
steps.
Cluster note: In a clustered environment, complete these steps on the Deployment Manager.
- Open the WebSphere® Integrated Solutions Console.
- Select .
- Enter a password for the key.
- In the field for the fully qualified key name, enter a key file name and click Export keys. The keys are written to the file profile_root/Key File Name, where portal_root is either the Deployment Manager profile or the HCL Portal profile.
- Import the key file to the remote search server. If your
environment contains extra application servers, complete the following
steps on all other servers that you want to be a part of this SSO
domain:
- Copy the key file that you exported in step 1 from the HCL Portal server to the remote search server.
- Log in to the WebSphere® Integrated Solutions Console.
- Select .
- In the field for the fully qualified key name, enter the directory and key file name that you specified in step 2a and click Import keys. The keys are propagated to all servers of the SSO domain.
- Restart all WebSphere® Application Server profiles on this server.
- Ensure that automatic LTPA key generation is disabled on
all servers of the SSO domain by completing the following steps:
- Verify that the system clocks are within 5 minutes of each
other between the HCL Portal server or servers and the remote search service server.Note: Failure to have the clocks in sync will lead to an import failure in the next step.
- Add the signer certification of the remote search service
server into the portal server by completing the following steps:
-
Add the signer certification of the portal server into the remote search service server by
completing the following steps:
- Access the WebSphere® Integrated Solutions Console of the remote search service server.
- Click .
- Enter the portal server host, its SSL port, and an alias.
- Click Retrieve Signer Information.
- Click OK.
-
In the portal server enable CSIv2 identity assertion. To complete this step, proceed as
follows:
Cluster note: In a clustered environment, complete these steps on the Deployment Manager WebSphere® Integrated Solutions Console.
What to do next
For more details about exporting the LTPA token, refer to the WebSphere® Application Server Help Center by going to . You can also locate this topic by opening the search feature of the WebSphere® Application Server Help Center and searching for ltpa key export.
If you work with EJB on a secure server, you must set the search user ID. For details about how to do this step, refer to Setting the search user ID.