How to configure the Dynamic Workload Console and the master domain manager for Single Sign-On
Configure the Dynamic Workload Console and the master domain manager for Single Sign-On.
About this task
You can configure Single Sign-On using a Lightweight Third-Party Authentication (LTPA) token or an MP-JWT token.
Note: When implementing a configuration in Single Sign-On, ensure you have not specified the engine credentials in the Manage Engine section.
Configuring the Dynamic Workload Console for Single Sign-On with an LTPA token
About this task
To enable Single Sign-On between the Dynamic Workload Console and master domain manager, perform the following steps:
Procedure
- Configure an authentication provider for the Dynamic Workload Console as explained in Configuring a user registry.
- Create the Access Control list for the authentication provider user or group. For example, to give full access on domain and folders to the LDAP group, perform the following steps:
  - From the Dynamic Workload Console, open the Manage Workload Security panel and select Give access to users and groups.
  - Select the LDAP group from the drop-down list and FULLCONTROL in the field Role.
  - Select Domain and assign ALLOBJECTS.
  - Save and create new.
  - Select the LDAP group from the drop-down list and FULLCONTROL in the field Role.
  - Select Folder and assign the root by clicking /.
  - Save.
- Ensure that the ltpa.keys file is identical on both the Dynamic Workload Console and the master domain manager by copying the file from one instance to the other. The file is located as follows:
  - Dynamic Workload Console: DWC_home/usr/servers/dwcServer/resources/security
  - master domain manager: TWA_home/usr/servers/engineServer/resources/security
- Restart WebSphere Application Server Liberty on both the master domain manager and the Dynamic Workload Console by running stopAppServer and startAppServer.
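One way to check the ltpa.keys step before restarting, as an added example that is not part of the product documentation: the script compares the two copies and, if they differ, lists only the names of the properties that do not match, so key material never reaches the terminal or a log. It assumes both copies are readable on the host where it runs and that sha256sum is installed; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not product code): compare two copies of ltpa.keys.
# Usage, with the second path being wherever you placed the other instance's copy:
#   ltpa_keys_match DWC_home/usr/servers/dwcServer/resources/security/ltpa.keys /path/to/other/ltpa.keys

# Hash stdin with SHA-256 and print only the hex digest.
_sha256() { sha256sum | cut -d' ' -f1; }

# Print "name digest" for every property, skipping comments and blank lines.
# Values are hashed so that secrets are never written out in clear.
ltpa_fingerprints() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | tr -d '\r' |
    while IFS= read -r line; do
        name=${line%%=*}      # text before the first '='
        value=${line#*=}      # text after the first '='
        printf '%s %s\n' "$name" "$(printf '%s' "$value" | _sha256)"
    done | sort
}

# Print the names of properties that are missing from one file
# or whose values differ between the two files.
ltpa_diff_names() {
    { ltpa_fingerprints "$1"; ltpa_fingerprints "$2"; } |
        sort | uniq -u | cut -d' ' -f1 | sort -u
}

# Return 0 when both files are byte-identical, 1 when they differ,
# 2 when a file cannot be read.
ltpa_keys_match() {
    a=$(_sha256 < "$1") || return 2
    b=$(_sha256 < "$2") || return 2
    if [ "$a" = "$b" ]; then
        echo "ltpa.keys match (sha256 $a)"
        return 0
    fi
    echo "ltpa.keys differ; properties that do not match:" >&2
    ltpa_diff_names "$1" "$2" >&2
    return 1
}
```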
Configuring the Dynamic Workload Console for Single Sign-On with an MP-JWT token
About this task
Perform the following steps:
Procedure
- Configure an authentication provider for the Dynamic Workload Console as explained in Configuring a user registry.
- Create the Access Control list for the authentication provider user or group. For example, to give full access on folders to an LDAP group, perform the following steps:
  - From the Dynamic Workload Console, open the Manage Workload Security panel and select Give access to users and groups.
  - Select the LDAP group from the drop-down list and FULL_CONTROL in the field Role.
  - Select Folder and assign the root by clicking /.
  - Save.