Contents. Configuring AD SSO for Platform Symphony API Page 2 of 8

Similar documents
Best practices. Starting and stopping IBM Platform Symphony Developer Edition on a two-host Microsoft Windows cluster. IBM Platform Symphony

Best practices. Reducing concurrent SIM connection requests to SSM for Windows IBM Platform Symphony

Best practices. Linux system tuning for heavilyloaded. IBM Platform Symphony

Best practices. Defining your own EGO service to add High Availability capability for your existing applications. IBM Platform Symphony

CONFIGURING SSO FOR FILENET P8 DOCUMENTS

Installing Watson Content Analytics 3.5 Fix Pack 1 on WebSphere Application Server Network Deployment 8.5.5

IBM Platform HPC V3.2:

Version 9 Release 0. IBM i2 Analyst's Notebook Premium Configuration IBM

IBM Platform LSF. Best Practices. IBM Platform LSF and IBM GPFS in Large Clusters. Jin Ma Platform LSF Developer IBM Canada

Version 9 Release 0. IBM i2 Analyst's Notebook Configuration IBM

iscsi Configuration Manager Version 2.0

IBM Security QRadar Version Customizing the Right-Click Menu Technical Note

Platform LSF Version 9 Release 1.1. Migrating on Windows SC

IBM LoadLeveler Version 5 Release 1. Documentation Update: IBM LoadLeveler Version 5 Release 1 IBM

Tivoli Access Manager for Enterprise Single Sign-On

Platform LSF Version 9 Release 1.3. Migrating on Windows SC

IBM. Networking INETD. IBM i. Version 7.2

IBM Spectrum LSF Version 10 Release 1. Readme IBM

Getting Started with InfoSphere Streams Quick Start Edition (VMware)

Implementing IBM Easy Tier with IBM Real-time Compression IBM Redbooks Solution Guide

Integrated use of IBM WebSphere Adapter for Siebel and SAP with WPS Relationship Service. Quick Start Scenarios

IBM WebSphere Sample Adapter for Enterprise Information System Simulator Deployment and Testing on WPS 7.0. Quick Start Scenarios

Continuous Availability with the IBM DB2 purescale Feature IBM Redbooks Solution Guide

IBM. IBM i2 Enterprise Insight Analysis Understanding the Deployment Patterns. Version 2 Release 1 BA

ServeRAID-MR10i SAS/SATA Controller IBM System x at-a-glance guide

IBM Cognos Dynamic Query Analyzer Version Installation and Configuration Guide IBM

IBM Kenexa LCMS Premier on Cloud. Release Notes. Version 9.3

IBM Cloud Orchestrator. Content Pack for IBM Endpoint Manager for Software Distribution IBM

Best practices. IBMr. Managing resources in an IMSplex with OM, type-2 commands, and SPOC IBM IMS. Janna Mansker IMS Development

Version 2 Release 1. IBM i2 Enterprise Insight Analysis Understanding the Deployment Patterns IBM BA

IBM Spectrum LSF Process Manager Version 10 Release 1. Release Notes IBM GI

Networking Bootstrap Protocol

IBM emessage Version 8.x and higher. Account Startup Overview

IBM Content Analytics with Enterprise Search Version 3.0. Expanding queries and influencing how documents are ranked in the results

Using application properties in IBM Cúram Social Program Management JUnit tests

IBM License Metric Tool Enablement Guide

Determining dependencies in Cúram data

IBM Operational Decision Manager Version 8 Release 5. Configuring Operational Decision Manager on Java SE

IBM Security QRadar Version Forwarding Logs Using Tail2Syslog Technical Note

Version 1.2 Tivoli Integrated Portal 2.2. Tivoli Integrated Portal Customization guide

IBM Storage Driver for OpenStack Version Release Notes

Migrating on UNIX and Linux

Build integration overview: Rational Team Concert and IBM UrbanCode Deploy

Application and Database Protection in a VMware vsphere Environment

Proposal for a Tivoli Storage Manager Client system migration from Solaris with VxFS to Linux with GPFS or AIX with GPFS or JFS2

Tivoli Access Manager for Enterprise Single Sign-On

IBM Operational Decision Manager. Version Sample deployment for Operational Decision Manager for z/os artifact migration

IBM BigInsights Security Implementation: Part 1 Introduction to Security Architecture

Best practices. IBMr. How to use OMEGAMON XE for DB2 Performance Expert on z/os to identify DB2 deadlock and timeout. IBM DB2 Tools for z/os

Migrating Classifications with Migration Manager

IBM Maximo for Service Providers Version 7 Release 6. Installation Guide

IBM OpenPages GRC Platform - Version Interim Fix 1. Interim Fix ReadMe

Netcool/Impact Version Release Notes GI

Emulex 8Gb Fibre Channel Single-port and Dual-port HBAs for IBM System x IBM System x at-a-glance guide

Development tools System i5 Debugger

IBM Operations Analytics - Log Analysis: Network Manager Insight Pack Version 1 Release 4.1 GI IBM

IBM. Combining DB2 HADR with Q Replication. IBM DB2 for Linux, UNIX, and Windows. Rich Briddell Replication Center of Competency.

IBM Maximo Calibration Version 7 Release 5. Installation Guide

IBM Storage Management Pack for Microsoft System Center Operations Manager (SCOM) Version Release Notes

IBM Tivoli Directory Server Version 5.2 Client Readme

ServeRAID-BR10il SAS/SATA Controller v2 for IBM System x IBM System x at-a-glance guide

IBM Netcool/OMNIbus 8.1 Web GUI Event List: sending NodeClickedOn data using Netcool/Impact. Licensed Materials Property of IBM

IBM z/os Management Facility V2R1 Solution Guide IBM Redbooks Solution Guide

Release Notes. IBM Tivoli Identity Manager Rational ClearQuest Adapter for TDI 7.0. Version First Edition (January 15, 2011)

A Quick Look at IBM SmartCloud Monitoring. Author: Larry McWilliams, IBM Tivoli Integration of Competency Document Version 1, Update:

IBM Endpoint Manager Version 9.1. Patch Management for Ubuntu User's Guide

Using the IBM DS8870 in an OpenStack Cloud Environment IBM Redbooks Solution Guide

Tivoli Storage Manager for Virtual Environments: Data Protection for VMware Solution Design Considerations IBM Redbooks Solution Guide

IBM Rational Synergy DCM-GUI

Tivoli Access Manager for Enterprise Single Sign-On

Patch Management for Solaris

IBM i2 ibridge 8 for Oracle

Managing IBM Db2 Analytics Accelerator by using IBM Data Server Manager 1

IBM FlashSystem V MTM 9846-AC3, 9848-AC3, 9846-AE2, 9848-AE2, F, F. Quick Start Guide IBM GI

IBM Storage Driver for OpenStack Version Installation Guide SC

Integrated Management Module (IMM) Support on IBM System x and BladeCenter Servers

Integrating IBM Rational Build Forge with IBM Rational ClearCase and IBM Rational ClearQuest

IBM Maximo for Aviation MRO Version 7 Release 6. Installation Guide IBM

Best practices IBM. Configuring OTMA for flood control, callout, and XCF communication IBM IMS. Jack Yuan IMS TM Development

IBM High IOPS SSD PCIe Adapters IBM System x at-a-glance guide

IBM Directory Integrator 5.1.2: Readme Addendum

IBM Rational Development and Test Environment for System z Version Release Letter GI

IBM. IBM i2 Analyze Windows Upgrade Guide. Version 4 Release 1 SC

IBM Financial Transactions Repository Version IBM Financial Transactions Repository Guide IBM

IBM Storage Device Driver for VMware VAAI. Installation Guide. Version 1.1.0

IBM 6 Gb Performance Optimized HBA IBM Redbooks Product Guide

IBM OpenPages GRC Platform Version 7.0 FP2. Enhancements

Enterprise Caching in a Mobile Environment IBM Redbooks Solution Guide

IBM Security QRadar Version 7 Release 3. Community Edition IBM

COBOL for AIX. Source conversion utility (scu)

IBM Geographically Dispersed Resiliency for Power Systems. Version Release Notes IBM

IBM Maximo Spatial Asset Management Version 7 Release 5. Installation Guide

Installing and Configuring Tivoli Monitoring for Maximo

IBM FlashSystem V Quick Start Guide IBM GI

Configuring IBM Rational Synergy to use HTTPS Protocol

Installing on Windows

Implementing IBM CICS JSON Web Services for Mobile Applications IBM Redbooks Solution Guide

IBM XIV Provider for Microsoft Windows Volume Shadow Copy Service. Version 2.3.x. Installation Guide. Publication: GC (August 2011)

RSE Server Installation Guide: AIX and Linux on IBM Power Systems

IBM Copy Services Manager Version 6 Release 1. Release Notes August 2016 IBM

Transcription:

IBM Platform Symphony Best practices Configuring AD SSO for Platform Symphony API Xiaoping Zheng IBM, Software Defined Systems QA, Platform Symphony Issued: April 2015

Contents Configuring AD SSO for Platform Symphony API...1 Configuring AD SSO for Platform Symphony API...3 Prerequisites...3 Steps...4 Notices...7 Trademarks...8 Configuring AD SSO for Platform Symphony API Page 2 of 8

Configuring AD SSO for Platform Symphony API The ADD SSO feature is intended for configuring a normal domain user that has full access to user and group account information and is applicable to Platform Symphony 6.1.1 and 7.1 on Windows. Prerequisites Before completing the steps in this topic, ensure that the normal domain user meets the following prerequisites: 1. The domain user must have full access to user and group account information. To do this, follow these steps: a. Open the Active Directory Users and Computers Microsoft Management Console by clicking Run, typing dsa.msc, and clicking OK. b. From the View menu, select Advanced Features. c. Select the Users list. d. Double-click your domain user. e. Select the Security tab. f. Select Full Control Permissions for Everyone. g. Click Apply. 2. The domain user is a domain administrator (that is, the domain user must belong to the local Administrator group). Before configuring AD single sign-on, ensure you have the following prerequisites: 1. For all hosts (management, compute, and client), the AD single sign-on API is supported on Windows only. (Note that this is different from the AD support on Platform Symphony; the single sign-on feature is limited to Windows only for all hosts.) 2. The service principal name (SPN) must be configured correctly. 3. The SPN is the name by which a client uniquely identifies a service instance. Use the setspn a command in the format setspn a service_name/host DomainUser, where: service_name can be sd or vemkd. host is the fully-qualified host name (with domain suffix) of the host. For example, sd/host.domain.com. For failover, set the SPN for the target service on all management hosts in the cluster. Configuring AD SSO for Platform Symphony API Page 3 of 8

Use the AD_SPN_SERVICENAME field in the adauth.conf file, in the format AD_SPN_SERVICENAME=service_name/{host}, where service_namecan be sd or vemkd. Note that here, host is not a variable. For example, sd/{host} or vemkd/{host}. Steps 1. On every host, edit the adauth.conf file to set the values of the parameters in the following table: Notes: For management hosts and compute hosts the adauth.conf file is under $EGO_CONFDIR. For client hosts, add an adauth.conf file under $SOAM_HOME\conf. Parameter Mandatory or optional Description AD_SSO Mandatory to enable SSO Enables SSO on all hosts, management, compute, and client hosts. Valid values: Y N (default) If SSO is enabled on management hosts (AD_SSO=Y), compute or client hosts can use the original AD plug-in or use SSO (requires AD_SSO=Y on compute or client hosts). If AD_SSO is not enabled on management hosts, compute hosts or client hosts cannot use the SSO feature even if AD_SSO=Y on the compute or client hosts. AD_SPN_SERVICENAME Mandatory if SSO is enabled Specifies a service principal name by which a client uniquely identifies an instance of a service. Valid format: service_name/{host} where, service_name can be sd or vemkd. Note that here, host is not Configuring AD SSO for Platform Symphony API Page 4 of 8

a variable. For example, sd/{host}. If SSO is enabled (AD_SSO=Y), but AD_SPN_SERVICENAME is not defined, the AD plug-in does not load successfully. AD_ADMIN Mandatory Specifies the AD user admin on management hosts. On other hosts, use an asterisk (*) as a placeholder for the parameter. 2. On every host, edit the ego.conf file to set the values of the parameters in the following table: Notes: For management hosts and compute hosts the ego.conf file is under $EGO_CONFDIR. For client hosts, the ego.conf file is under $SOAM_HOME\conf. Parameter Mandatory or optional Description EGO_SEC_PLUGIN sec_ego_ext_ad Specifies the AD plug-in. EGO_SEC_CONF For management and compute hosts: $EGO_TOP\kernel\conf,0, DEBUG,$EGO_TOP \kernel\log For client hosts: $SOAM_HOME\conf,0, DEBUG,$SOAM_HOME \log Specifies settings for the AD plugin in this format: <plugin_configuration_directory, created-ttl, plug-in_log_level, plug-in_log_directory> All server-side messages are logged to ego_ext_plugin_server.log in the plugin-log directory. All clientside messages are logged to ego_ext_plugin_client.log in the plugin-log directory. 3. Map the domain administrator password to the cluster administrator's password: # egostashpass-ad 4. On all the management hosts, start the LIM process as the domain administrator: Configuring AD SSO for Platform Symphony API Page 5 of 8

a. Click Start > Run. b. Enter services.msc and click OK. c. Locate Platform LIM, right-click the service, and click Properties. d. Click the Log on tab. e. Select This account and enter details for the domain administrator. f. Click OK. 5. Ensure that the VEMKD, SD, and RS services run as the same user set up in the setspn command. Configuring AD SSO for Platform Symphony API Page 6 of 8

Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-ibm product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPO- RATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON- INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. Without limiting the above disclaimers, IBM provides no representations or warranties regarding the accuracy, reliability or serviceability of any information or recommendations provided in this publication, or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information contained in this document has not been submitted to any formal IBM test and is distributed AS IS. The use of this information or the implementation of any recommendations or techniques herein is a customer responsibility and depends on the customer s ability to evaluate and integrate them into the customer s operational environment. While each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will be obtained elsewhere. Anyone attempting to adapt these techniques to their own environment does so at their own risk. This document and the information contained herein may be used solely in connection with the IBM products discussed in this document. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-ibm websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Configuring AD SSO for Platform Symphony API Page 7 of 8

Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: Copyright IBM Corporation 2015 All Rights Reserved. This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol ( or ), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml Windows is a trademark of Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. Configuring AD SSO for Platform Symphony API Page 8 of 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback