WebSphere Portal Server - SSO , ACTIVE DIRECTORY, LDAP , KERBEROS , TAI++ , SPNEGO

Author

SSO , ACTIVE DIRECTORY, LDAP , KERBEROS , TAI++ , SPNEGO

GERMAN DAVID GIOVANON

2007-12-28, 1:40 am

I WANT TO CREATE A SINGLE SIGN ON WITH MICROSOFT ACTIVE DIRECTORY ON LDAP OVER PORTAL. I HAVE READ SOME PEOPLE USE KERBEROS, TAI++ AND SPNEGO, BUT I DON'T KNOW HOW TO USE THEM AT ALL. PLEASE I REALLY NEED SOMEONE TO HELP ME WITH THIS AND GIVE M
E SOME EXPLANATIONS. THANKS... 
DAVID GIOVANON

2007-12-31, 7:37 am

WebSphere Portal 6 does not have out-of-the-box SSO support for windows desktop (Kerberos authentication), but it can be configured provided that you have a TAI module that supports that in place. 
 
If you wish to have help please contact me. 
 
Oved

nishant.kansal@wipro.com

2008-01-01, 1:39 am

Try the second option mentioned here using Websphere Security. This looks pretty easy to do. 
<a class="jive-link-external" href="http://www-1.ibm.com/support/docview.wss?uid=swg21140014">http://www-1.ibm.com/support/docvie...uid=swg21140014</a>

ovedy@mainsoft.com

2008-01-02, 7:33 am

Your suggestion does ndot work for SPNEGO and Kerberos. He is looking for a true windows desktop SSO solution.

2008-01-02, 1:26 pm

Hi Oved, 
What do you mean by true SSO ? If my requirement gets fulfilled without custom TAI, then it is fine. SPNEGO and Kerberos are just other ways to achieve it. 
 
<ul class="jive-dash">
<li>NishK</li>
</ul>

ovedy@mainsoft.com

2008-01-02, 1:26 pm

You are absolutely right. there are many ways to achive SSO and the articles that you sent shows some of them. 
 
The title of the thread says Kerberos and SPNEGO specifically which allows delegation of the windows desktop credential to the Porta all the way to the database (where you can assign and revoke permissions to database resources based on the user credentia
ls) and thus I refered to it as a requirement.