Configuring single sign-on
Use these instructions to establish single sign-on support and configure a federated repository.
Before you begin
Attention: ITM single sign on (SSO) support is
only available with ITM Version 6.2 Fix Pack 1 or higher.
About this task
Procedure
- Log in to the Tivoli Integrated Portal.
- In the navigation pane, click Launch Websphere administrative console. and click
- In the WebSphere Application Server administrative console navigation pane, click .
- In the Authentication area, expand Web security and click Single sign-on.
- Click the Enabled option if SSO is disabled.
- Click Requires SSL if all of the requests are expected to use HTTPS.
- Enter the fully-qualified domain names in the Domain name field where SSO is effective. If the domain name is not fully qualified, the Tivoli Integrated Portal Server does not set a domain name value for the LtpaToken cookie and SSO is valid only for the server that created the cookie. For SSO to work across Tivoli® applications, their application servers must be installed in same domain (use the same domain name).
- Optional: Enable the Interoperability Mode option if you want to support SSO connections in WebSphere Application Server version 5.1.1 or later to interoperate with previous versions of the application server.
- Optional: Enable the Web inbound security attribute propagation option if you want information added during the login at a specific Tivoli Enterprise Portal Server to propagate to other application server instances.
- After clicking OK to save your changes, stop and restart all the Tivoli Integrated Portal Server instances.
What to do next
Note: When you launch Tivoli Integrated PortalWeb
GUI,
you must use a URL in the format protocol://host.domain:port /*. If
you do not use a fully-qualified domain name, Tivoli Integrated PortalWeb
GUI cannot use SSO between Tivoli
products.