Entrust GetAccess 7.0 Technical Integration Brief for IBM WebSphere Portal 5.0

Similar documents
Entrust PartnerLink Login Instructions

Entrust Technical Integration Guide for Entrust Security Manager 7.1 SP3 and SafeNet Luna CA4

Implementing Single-Sign-On(SSO) for APM UI

IBM InfoSphere Information Server Single Sign-On (SSO) by using SAML 2.0 and Tivoli Federated Identity Manager (TFIM)

Secure Messaging Buyer s Guide

WebSphere Integration Kit. Version User Guide

Entrust Identification Server 7.0. Entrust Entitlements Server 7.0. Administration Guide. Document issue: 1.0. Date: June 2003

Configuring a basic authentication in WebSEAL to access SmartCloud Control Desk

Setup domino admin client by providing username server name and then providing the id file.

DIGIPASS Authentication to Citrix XenDesktop with endpoint protection

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

Oracle Access Manager Integration Oracle FLEXCUBE Payments Release [Feb] [2018]

Oracle Access Manager Oracle FLEXCUBE Universal Banking Release [May] [2017]

IBM SECURITY PRIVILEGED IDENTITY MANAGER

Webthority can provide single sign-on to web applications using one of the following authentication methods:

Novell Access Manager

Federated Identity Manager Business Gateway Version Configuration Guide GC

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007

AppScaler SSO Active Directory Guide

SafeNet Authentication Client

Cloud Access Manager Configuration Guide

Policy Manager for IBM WebSphere DataPower 7.2: Configuration Guide

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate

OpenID Cloud Identity Connector. Version 1.3.x. User Guide

ActivIdentity 4TRESS AAA Web Tokens and F5 BIG-IP Access Policy Manager. Integration Handbook

ActivIdentity ActivID Card Management System and Juniper Secure Access. Integration Handbook

Nimsoft Service Desk. Single Sign-On Configuration Guide. [assign the version number for your book]

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

CA Adapter. CA Adapter Installation Guide for Windows 8.0

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for SonicWALL Secure Remote Access

Tivoli Access Manager for Enterprise Single Sign-On

CA SiteMinder Federation

V7.0. cover. Front cover. IBM Connections 4.5 Deployment Scenarios. Deployment Scenarios ERC 1.0

CA Single Sign-On and LDAP/AD integration

Integration Guide. SafeNet Authentication Service. Strong Authentication for Juniper Networks SSL VPN

Cloud Access Manager Overview

Architecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World

Phishing is Yesterday s News Get Ready for Pharming

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with SonicWALL E-Class Secure Remote Access

Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...

SPNEGO SINGLE SIGN-ON USING SECURE LOGIN SERVER X.509 CLIENT CERTIFICATES

IBM Security Access Manager Version December Release information

Tivoli Access Manager for Enterprise Single Sign-On

Symantec Managed PKI. Integration Guide for ActiveSync

CONFIGURING SSO FOR FILENET P8 DOCUMENTS

PURCHASING AN ENTRUST DATACARD SSL/TLS CERTIFICATE. Document issue: 12.2 Date of issue: July 2017

DIGIPASS Authentication for O2 Succendo

Integration Guide. LoginTC

CA Adapter. Installation and Configuration Guide for Windows. r2.2.9

Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)

Entrust Cloud Enterprise. Enrollment Guide

Quintiles JReview Customer Access Guide. Version Number: 11. Document Version:

Integration Guide. SafeNet Authentication Service. Protecting SugarCRM with SAS

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for Okta

CoreBlox Integration Kit. Version 2.2. User Guide

Version 9 Release 0. IBM i2 Analyst's Notebook Premium Configuration IBM

Outlook Web Access. Implementation Guide. (Version 5.4) Copyright 2012 Deepnet Security Limited

4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

Pulse Secure Client for Chrome OS

Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Policy Manager for IBM WebSphere DataPower 8.0: Installation Guide

Configuring Integrated Windows Authentication for IBM WebSphere with SAS 9.2 Web Applications

Version 9 Release 0. IBM i2 Analyst's Notebook Configuration IBM

Host Access Management and Security Server Administrative Console Users Guide. August 2016

IBM Tivoli Access Manager for Enterprise Single Sign-On: Authentication Adapter Version 6.00 September, 2006

Perceptive Connect. Installation and Setup Guide. Beta version: Compatible with ImageNow, versions 6.6.x and 6.7.x

Tivoli Access Manager for Enterprise Single Sign-On

Shared Session Management Administration Guide

Dell One Identity Cloud Access Manager 8.0. Overview

DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP Access Policy Manager with IBM, Oracle, and Microsoft

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

PURCHASING AND USING A PERSONAL SECURE CERTIFICATE. Document issue: 12.1 Date of issue: March 2017

C examcollection.premium.58q

Central Authentication Service Integration 2.0 Administration Guide May 2014

CA SiteMinder. Federation Manager Guide: Legacy Federation. r12.5

WebSphere Portal Security Configuration

WWPass External Authentication Solution for IBM Security Access Manager 8.0

Lotus Learning Management System R1

April Understanding Federated Single Sign-On (SSO) Process

SafeNet Authentication Manager

ISAM Federation STANDARDS AND MAPPINGS. Gabriel Bell IBM Security L2 Support Jack Yarborough IBM Security L2 Support.

SafeNet Authentication Service

SafeNet Authentication Service

DIGIPASS Authentication for NETASQ

SafeNet Authentication Manager

Sophos Mobile Control Network Access Control interface guide. Product version: 7

Novell Identity Manager

Using Client Security with Policy Director

Tivoli Access Manager for Enterprise Single Sign-On

IBM Security Access Manager v8.x Kerberos Part 2

Oracle FLEXCUBE OBIEE Reports Oracle FLEXCUBE Universal Banking Release [December] [2016]

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

CLI users are not listed on the Cisco Prime Collaboration User Management page.

SafeNet Authentication Manager

Installing a CoreStreet Responder

Deploying Lookout with IBM MaaS360

Tivoli Common Reporting V Cognos report in a Tivoli Integrated Portal dashboard

Transcription:

Entrust GetAccess 7.0 Technical Integration Brief for IBM WebSphere Portal 5.0 November 2004 www.entrust.com 1-888-690-2424

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. You should not act or abstain from acting based upon such information without first consulting a professional. ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS OF THE INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED "AS IS" WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A SPECIFIC PURPOSE. Copyright 2004. Entrust. All rights reserved.

Entrust GetAccess Entrust GetAccess software provides a comprehensive, Web Access Control and Single Sign-On security solution that can help to enable organizations to move business processes online. The Entrust GetAccess portfolio delivers a single entry and access point for user authentication and authorization across Web portal applications. As such, Entrust GetAccess provides organizations with security, flexibility and performance to personalize the user experience of a Web portal. Integration Overview The integration of Entrust GetAccess products with the IBM WebSphere Portal can help enable enterprises to leverage the benefits, efficiency, and convenience of unified browser access to IBM and non-ibm applications employing the comprehensive centralized authentication and authorization services of Entrust GetAccess. This integration can provide the ability to securely extend the enterprise to employees, customers, partners, and suppliers helping to deliver increased access to information, improved efficiency, and cost reductions. GetAccess and IBM WebSphere Portal Solution HTTP Server GetAccess Runtime GetAccess LDAP PAAM 3 Entrust GetAccess GetAccess Login 4 + 5 1 2 2 WebSphere Application Server WebSphere Portal Tivoli Directory Server Use Case Scenario 1. User access protected WebSphere Portal and login occurs 2. Entrust GetAccess validates the user against the WebSphere User Registry (IBM Tivoli Directory Server) 3. Entrust GetAccess creates a SSO token 4. User gains access to WebSphere and user mapping occurs 5. User is automatically logged into WebSphere Portal Copyright 2004. Entrust. All rights reserved 1 www.entrust.com

Integration Details The integration of Entrust GetAccess components with the IBM WebSphere Portal primarily consists of implementing a Trust Association Interceptor (TAI) to interact with the Entrust GetAccess system as a supported authentication mechanism for proof of potential Single Sign-On (SSO) operation. Once a user is authorized by the Entrust GetAccess software, their account username (UID), is communicated to the portal in the HTTP header. The WebSphere Application Server Lightweight Third Party Authentication (LTPA) is configured to enable the integration TAI, which compares the user identifying HTTP header value against existing User Registry data sources and grants access to the portal upon finding a match. A WebSphere logon ticket is generated and stored in the user's browser to enable SSO in the portal. The Entrust GetAccess LDAP Plug-able Authentication and Authorization Module (PAAM) is configured to authenticate and auto-enroll against the WebSphere User Registry LDAP. The WebSphere User Registry LDAP is IBM Tivoli Directory Server. The user login model is as follows: 1. The user accesses the WebSphere Portal. 2. The Entrust GetAccess system authorizes portal users access and returns a user UID to the TAI as part of the HTTP header. 3. The WebSphere does not perform any additional authentication of the user. 4. A WebSphere token is generated and stored in the user s browser to enable Single Sign-On in the portal. Copyright 2004. Entrust. All rights reserved. 2 www.entrust.com

Configuring Entrust GetAccess System The Entrust GetAccess Runtime must be installed on the IBM HTTP Server that is hosting the WebSphere Reverse Proxy Plug-in. The installation will configure IBM HTTP Server with the Entrust GetAccess directives required to protect server resources. Configure the Entrust GetAccess Runtime to protect the WebSphere Portal URL. Using the Entrust GetAccess Administration Application, configure the installed Runtime to protect the following relative URL: /wps/myportal ;and protect the follow item: /wps/* The GetAccess protected Portal Resource will require a Role assigned. Create an appropriate Role and assign it to the corresponding Portal Resource. Configure Entrust GetAccess with the LDAP Plug-able Authentication and Authorization Module (PAAM) against the WebSphere configured LDAP User Registry. The LDAP PAAM will permit GetAccess to authenticate and auto-enroll users against the same User Registry WebSphere authenticates users against. The advantage is the user credentials required for authentication to both products will remain in-sync. The LDAP PAAM will require additional configuration to statically or dynamically assign the GetAccess Role assigned to the Portal Resource. Please refer to the Entrust GetAccess documentation for further information regarding Assigning roles and a user type automatically. Copyright 2004. Entrust. All rights reserved. 3 www.entrust.com

Configuring WebSphere Application Server and Portal 1. Move the accompanying Entrust TAI file entrusttai70.jar to the <was_root>\classes directory. 2. Login to the WebSphere Application Server Administrative Console. 3. Navigate to Security > Authentication Mechanisms > LTPA, then click the Trust Association link. 4. Check Trust Association Enabled. 5. Click Interceptors. 6. Click New. 7. Enter the Interceptor Class name: com.wps.sso.entrustgetaccesstruepasstrustassociationinterceptor 8. Click OK. Copyright 2004. Entrust. All rights reserved. 4 www.entrust.com

9. Click Custom Properties and add the following required Name and Value pair. Name Value Required? entrust.integration The TAI supported Entrust product to integrate with. Ex: getaccess Yes 10. Click Apply and Save the changes. 11. Modify the file <was_root>\appserver\installedapps\< node>\wps.ear\wps.war\web- INF\web.xml. <login-config id="loginconfig_1"> <auth-method>form</auth-method> <realm-name>wps</realm-name> <form-login-config id="formloginconfig_1"> <form-login-page>myportal</form-login-page> <form-error-page>/error.html</form-error-page> </form-login-config> </login-config> 12. Modify the file <was_root>\portalserver\shared\app\config\services\configservice.properties. # Logout redirect parameters # # Default: false, false, <none> redirect.logout = true redirect.logout.ssl = <true:false> redirect.logout.url = <ga_accessserver_logout> Change redirect.logout.ssl to true if IBM HTTP Server is configured for SSL communication. Set redirect.logout.url to the GetAccess Access Server Logout servlet URL. For example: https://p2800-01.entrust.com/getaccess/logout 13. Restart WebSphere Application Server and Portal. Copyright 2004. Entrust. All rights reserved. 5 www.entrust.com

System Behavior When users access the portal, the Entrust GetAccess authentication dialog appears and users enter their Entrust GetAccess authentication information. Once the user has successfully been authorized to access the Portal URL, they will be transparently logged into WebSphere through the configured TAI. If the user has been previously authenticated into the Entrust GetAccess system, the user will be transparently logged into WebSphere without an authentication dialog. The WebSphere Portal access URL is http(s)://<hostname>/wps/myportal. For example: https://p2800-01.entrust.com/wps/myportal As a result of utilizing the GetAccess LDAP PAAM, existing WebSphere Portal users are capable of authenticating, changing profile and password settings, and transparently autoenrolling into GetAccess. The WebSphere admin account (wpsadmin) will auto-enroll to GetAccess through the LDAP PAAM initially, as will existing WebSphere users. Existing WebSphere user creation procedures apply as normal. System Components Entrust GetAccess 7.0 Entrust TruePass 7.0 SP1 - optional Entrust Authority Security Manager 6.0 or 7.0 optional Self-Administration Server 7.0 optional Entrust Authority Roaming Server optional IBM WebSphere Portal 5.0 IBM HTTP Server 2.0.47.1 IBM Tivoli Directory Server 5.2 Please check PSIC for the latest supported version information at: https://www.entrust.com/support/psic/index.cfm Copyright 2004. Entrust. All rights reserved. 6 www.entrust.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback