194 WebSphere Portal Express and Express Plus V5 for the IBM Eserver iSeries Server
5.3.4 Configuring SSO in other WebSphere application servers in the domain
For instructions on how to configure WebSphere security, refer to WebSphere Application
Server in the iSeries Information Center at:
Also refer to the WebSphere Information Center at:
For information about configuring Domino and WebSphere SSO, refer to Chapter 6,
“Integrating Lotus products with WebSphere Portal” on page 203, as well as Integrating Lotus
Domino 6 and WebSphere Express V5 on the IBM Eserver iSeries Server, SG24-6998.
5.3.5 Importing LTPA keys
You must import the LTPA keys that you exported to a file, from the WebSphere Portal server,
to the other WebSphere application servers in the domain. To import the LTPA keys file,
complete the following steps:
1. Start the WebSphere Application Server.
2. Open the administrative console.
3. In the navigation menu, click Security → Authentication mechanisms → LTPA.
4. In the Password and Confirm Password fields, specify the password that will be associated
with the keys to be imported. You must know this information.
5. In the Key File Name field, specify the name and location of the LTPA keys file.
6. Click Import Keys to import the LTPA keys from a file.
7. Click Save to apply the changes to the master configuration.
8. Click Logout to exit the administrative console.
9. Stop and then restart the application server.
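Before the file named in step 5 is imported, it can be checked for completeness and for overly broad file permissions, since it carries the keys that sign every SSO token in the domain. The following is an added example, not code from the book or from IBM. It assumes the property names of a standard exported LTPA keys file, a POSIX file mode, and an expected realm supplied by the caller; the sample content is constructed.

```python
import os
import stat

# Property names of an exported LTPA keys file (Java .properties format).
# Assumption: these names are not shown on the page.
REQUIRED = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
    "com.ibm.websphere.ltpa.Realm",
)

def parse_props(text):
    """Parse key=value lines, skipping comments and undoing \\= and \\: escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props

def check_keyfile(path, expected_realm):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file is accessible to group/other (mode %o)" % mode)
    with open(path, encoding="latin-1") as fh:
        props = parse_props(fh.read())
    for name in REQUIRED:
        if not props.get(name):
            findings.append("missing or empty property: " + name)
    realm = props.get("com.ibm.websphere.ltpa.Realm")
    if realm and realm != expected_realm:
        findings.append("realm %r differs from expected %r" % (realm, expected_realm))
    return findings

# Constructed sample content, not real key material.
SAMPLE = """#IBM WebSphere Application Server key file
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=CONSTRUCTED-3DES-VALUE\\=
com.ibm.websphere.ltpa.PrivateKey=CONSTRUCTED-PRIVATE-VALUE\\=\\=
com.ibm.websphere.ltpa.PublicKey=CONSTRUCTED-PUBLIC-VALUE
com.ibm.websphere.ltpa.Realm=ldap.example.com\\:389
"""
```

An empty list from check_keyfile means the file has all four properties, the expected realm, and is readable only by its owner.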
5.4 Putting it all together: Portal SSO scenarios
This section presents topologies where SSO is configured. Users need to authenticate only
once in this environment where WebSphere Portal is used to access multiple application
servers. These servers may include WebSphere application servers, Domino, Lotus Instant
Messaging and Web Conferencing, and Lotus Team Workplace servers.
SSO essentially describes the relationship between the user's Web browser and the HTTP
server that processes the URL requests to access the application servers. The scenarios in
this section represent several topologies and configuration options.
Chapter 5. WebSphere Portal and single signon 195
5.4.1 Testing the scenarios
You can test your SSO environment using the following Web applications:
• WebSphere Portal with Form-based authentication
To test first time authentication, access the portal application using the following URL:
To test SSO in an already authenticated session, access the portal application using
the following URL:
• WebSphere Administrative console with Form-based authentication
To access this application, enter the URL:
• Snoop using Basic authentication
To access this application, enter the URL:
To prove that your SSO environment is working properly, perform the following steps:
1. Access one of the previously listed Web applications, for example the portal application at
the user:
2. Enter valid user credentials that will be validated using the LDAP user registry.
3. After the user credentials are validated, the browser should receive a valid LTPA token.
Display the cookies in your browser as explained in 5.2.4, “Verifying the LTPA token during
Portal login” on page 184.
4. Access a second Web application in the SSO domain. This time you should not be
prompted again to enter your user credentials.
5.4.2 Scenario 1: Single HTTP server, application server, and DNS domain
This is a simple scenario where all the nodes in the topology reside in a single iSeries server
(see Figure 5-19).
The characteristics of this scenario are:
• The HTTP server, WebSphere Application Server (Portal), and DNS server are deployed
in a single iSeries logical partition (LPAR). All nodes have the same host and domain
• All Web applications to be accessed through the portal are deployed in the same
application server where the portal application runs. The portal application is added to the
server in the WebSphere Enterprise Enablement instance created for the portal.
• Portal security is configured using the WebSphere Portal configuration wizard.
  - The wizard enables WebSphere global security.
  - LDAP is configured as a user registry.
  - LTPA is configured as an authentication mechanism. The LTPA password is set to a
    system-generated value. The LTPA keys are generated.
  - The SSO domain is set to blank.
