You can set up a single sign-on environment between two computers that run IBM® WebSphere® Application Server. Then, users can log on to an application on WebSphere Application Server on one computer and access an application on WebSphere Application Server on a second computer without logging on to the second computer.
Before you begin
- Both computers must have static IP addresses. Otherwise, see "Adding IP addresses to host files" in this topic.
- WebSphere Application Server 8.0 must be installed on each computer.
- The IBM Rational® Asset Manager server must be installed on each instance of WebSphere Application Server. Security on both of the servers must be configured to use the same user registry.
- You must be able to log in to both instances of Rational Asset Manager.
Procedure
- On the first computer, log on to the WebSphere administrative console by entering this URL in a web browser: http://fully_qualified_host_name:port_number/ibm/console
- Enable single sign-on and add the domain name:
- Select .
- Make sure that the Enabled, Interoperability Mode, and Web inbound security attribute propagation check boxes are selected.
- Enter a domain name.
- Click Apply.
- Change the web authentication setting for unsecure pages to receive authentication data:
- Select .
- Select the Use available authentication data when an unprotected URI is accessed check box.
- Click Apply.
- Enable single sign-on by having both WebSphere Application Server servers exchange their Lightweight Third Party Authentication (LTPA) keys:
- Select .
- Enter your password and the name of the file to export the keys to, and then click Export keys.
- Import the keys to the second computer:
- Copy the key file to the second computer.
- On the second computer, log on to the WebSphere administrative console.
- Select .
- Use the password that you entered on the first computer, and enter the name of the file that you copied to the second computer. Click Import keys.
- Save the configuration.
- On the second computer, repeat steps 1 - 5 to change the single sign-on and web security preferences, export the keys from the second computer, and import the keys to the first computer.
- Save the configuration on both servers and restart them.
- On the first computer, enter this URL in a web browser: http://computer1.example.com:9080/ram
Important: Do not use localhost, a short host name, or the IP address in place of the host name. Single sign-on requires that the browser pass LTPA cookies to WebSphere Application Server, and these cookies contain the fully qualified host name.
- Log on to the Rational Asset Manager web client.
- In the same browser session, enter the URL to the web client on the second computer: http://computer2.example.com:9080/ram
- If single sign-on is configured correctly, you do not need to log on to the second computer. Instead, the user name is displayed on the home page.
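The check below is an added example, not part of the IBM documentation: it applies cookie domain matching (RFC 6265) to show which of the URL forms named in the Important note would keep a browser from sending the LTPA cookie. The SSO domain example.com is assumed from the sample host names in this procedure, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def sso_url_problems(url, sso_domain):
    """Return the reasons a browser would not send the SSO cookie to this URL.

    sso_domain is the value entered in the "Enter a domain name" step
    (assumed here to be example.com). An empty list means the URL is usable.
    """
    host = urlsplit(url).hostname or ""
    problems = []
    if is_ip_literal(host):
        problems.append("IP address used in place of the host name")
    elif host.lower() == "localhost":
        problems.append("localhost used in place of the host name")
    elif "." not in host:
        problems.append("short host name is not fully qualified")
    elif not domain_match(host, sso_domain):
        problems.append("host is outside the SSO domain " + sso_domain)
    return problems


if __name__ == "__main__":
    # Constructed sample URLs based on the host names used in this topic.
    for url in (
        "http://computer1.example.com:9080/ram",
        "http://computer2.example.com:9080/ram",
        "http://localhost:9080/ram",
        "http://computer1:9080/ram",
        "http://127.0.0.1:9080/ram",
    ):
        print(url, "->", sso_url_problems(url, "example.com") or "OK")
```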
Adding IP addresses to host files
If you are using two computers that have dynamic IP addresses, you might need to add entries to the hosts file of each computer. Whenever the IP addresses of the computers change, you must update the hosts files and restart the servers.
- On the first computer, open C:\WINDOWS\system32\drivers\etc\hosts.
- On a new line, enter the IP address of the first computer, such as:
127.0.0.1 computer1.example.com
- On a new line, enter the IP address of the second computer, such as:
IP address of second computer computer2.example.com
- Save the file.
- On the second computer, open C:\WINDOWS\system32\drivers\etc\hosts.
- On a new line, enter this text:
127.0.0.1 computer2.example.com
- On another new line, enter this text:
IP address of first computer computer1.example.com
- Save the file.