| Author |
PORTAL 6 SSO with Windows Desktop
|
|
| davidgiovanon@hotmail.com 2007-12-24, 1:26 pm |
| Is it possible to achieve SSO with Windows Desktop (WinXP/Vista) with WebSphere Portal 6? We are trying to achieve an environment where users will only have a single id and password. For example, users will login into their Windows and when they click on
IE Shortcut to WebSphere Portal, they will be immediately authenticated into the WebSphere Portal.
| |
| jbrinkman@cskauto.com 2007-12-24, 7:20 pm |
| There is a TAI you can use to transparently authenticate users in portal that have already authenticated with the Windows domain. See the following for some details:<br />
<br />
<a class="jive-link-external" href="http://www-128.ibm.com/developerworks/websphere/techjournal/0508_benantar/0508_benantar.html">http://www-128.ibm.com/developerwor...ere/techjournal /0508_benantar/0508_benantar.html</a>
| |
|
| Yes, it is possible - however, it can be complected. You'll need to do the following:<br />
<ul>
<li>Configure WebSphere Application Server to support Kerberos. This can be done using: <a class="jive-link-external" href="http://www.ibm.com/developerworks/websphere/downloads/kerberos.html">http://www.ibm.com/developerworks/w...nloads/kerberos
.html</a></li>
<li>Configure WebSphere Portal Server authentication to work against Active Directory. For more information, see: <a class="jive-link-external" href="http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/msad_ldap.htm
l">http://publib.boulder.ibm.com/infocenter/wpdo c/v6r0/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/msad_ldap.html</a></li>
<li>Configure Windows Active Directory to work with Kerberos. This includes creating a user account that will be mapped to the Kerberos service principal name (SPN). in the KDC, map the user account to the Kerberos service principal name (SPN). This user
account represents the WebSphere Application Server as being a Kerberize'd service with the KDC. Use the <u>setspn</u> tool to establish WebSphere Application Server as the user.</li>
</ul>
<br />
Roy
| |
| GERMAN DAVID GIOVANON 2007-12-26, 7:23 pm |
| I wanted to thank for your help!!!; the link for download kerberos is not available.....You know where I can get it....<br />
<br />
Sorry my english is basic, Thanks again.<br />
<br />
David Giovanon
| |
| GERMAN DAVID GIOVANON 2007-12-26, 7:23 pm |
| Mark, THANK YOU FOR YOUR HELP!!,Sorry my english is basic, I am trying to read your post, what do you think about kerberos???? do you speek spanish???<br />
<br />
THANKS AGAIN!!!!!!<br />
<br />
David Giovanon
| |
|
| Any luck David yet on SSO with Windows Desktop ? I am also having the same requirement...
| |
|
|
| GERMAN DAVID GIOVANON 2008-01-02, 1:26 pm |
| NishK, Thanks for all, do you speek spanish??
| |
|
| No David, I don't speak Spanish
| |
| GERMAN DAVID GIOVANON 2008-01-02, 1:26 pm |
| Ok, please let me know if you have any news. Thanks
| |
|
| I would suggest you can try the second option provided in the URL I sent in my earlier post after you have configured your AD to work with the WPS.
Another approach could be <a class="jive-link-external" href="http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/tait_nbl_hba4sc.html">http://publib.boulder.ibm.com/infocente r/wpdoc/v6r0/index.jsp?topic=/com.ibm.w
p.ent.doc/wpf/tait_nbl_hba4sc.html</a>
Let me know if you are able to make it work.
|
|
|
|