How to configure the Dynamic Workload Console 10.2 and a master domain manager 9.4.x for Single Sign-On

How to configure the Dynamic Workload Console 10.2 and a master domain manager 9.4.x for Single Sign-On.

Before you begin

Ensure that the master domain manager V9.4.x is configured to use a Lightweight Directory Access Protocol (LDAP). The LDAP should be the same one already configured and used by the Dynamic Workload Console 10.2. For further information about how to configure an LDAP, see Configuring a user registry.

About this task

To configure the Dynamic Workload Console 10.2 and the master domain manager V9.4.x for Single Sign-On, perform the following steps:

Procedure

  1. Access the WebSphere administrative console of the master domain manager V9.4.x and go to Global security in the Security section.
  2. In the Global security panel, take note of the value for the Realm name in the User account repository section. The realm name is required later in this section.
    Figure 1. Realm name in the WebSphere administrative console
    Realm name in the WebSphere administrative console
  3. In Authentication, select LTPA as the authentication mechanism, and enter a password to export the ltpa keys.
    Note: Take note of the password. The password you enter is required later during the import.
    Figure 2. Export of the ltpa keys file
    Export of the ltpa keys file
  4. Before replacing the existing ltpa on the Dynamic Workload Console 10.2, create a backup copy in a different directory. The existing ltpa keys file can be found in the following path:
    DWC_DATA_dir/usr/servers/dwcServer/resources/security/
    DWC_home\usr\servers\dwcServer\resources\security\
  5. Rename the exported ltpa keys file to ltpa.keys and copy it to the same path as the existing file on the Dynamic Workload Console 10.2.
  6. Open the authentication configuration file previously customized to enable the LDAP for the Dynamic Workload Console 10.2, and ensure that the realm name is the same as the one specified for the master domain manager V9.4.x (see Step 2). The authentication configuration file is located in the following path:
    DWC_DATA_dir/usr/servers/dwcServer/configDropins/overrides/
    DWC_home\usr\servers\dwcServer\configDropins\overrides\
    Figure 3. Realm name in the authentication template
    Realm name in the authentication template

    Where TWSREALM is the default realm name.

  7. Add the password in XOR format in the ssl_config.xml as follows:
    1. Copy the ssl_config.xml file from the following path:
      DWC_home/usr/servers/dwcServer/configDropins/defaults/
      DWC_home\usr\servers\dwcServer\configDropins\defaults\
    2. Paste the ssl_config.xml file in the following path:
      DWC_DATA_dir/usr/servers/dwcServer/configDropins/overrides/
      DWC_home\usr\servers\dwcServer\configDropins\overrides\
    3. Open the ssl_config.xml file and enter the password in XOR format. The password is the one you specified for the master domain manager V9.4.x during the export (see Step 3).
      Figure 4. Password in XOR format
      Password in XOR format
  8. Restart the Dynamic Workload Console 10.2.

Results

You successfully configured the Dynamic Workload Console 10.2 and the master domain manager V9.4.x for Single Sign-On.