Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

SSO is not working on CLM Liberty Profiles

Questions
Tags
Users
Badges
Ahmed Ahmed
(48832) edited
Nov 09 '16, 7:37 a.m.
 
Hi, 

We have implemented the CLM 6.0.2 on distributed environment using WebSphere Liberty where each CLM application is setup on its own Liberty Profile. We are using reverse proxy technique. Environment details are:

  • Server 1 (Hostname: ihs.example.org): IBM HTTP Server (IHS) 
  • Server 2 (Hostname: jts.example.org): JTS/CLMHelp installed with the bundled Liberty Profile (Default HTTPS port : 9443)
  • Server 3 (Host-name: rm.example.org): RM/JRS/DCC/Converter installed with bundled default Liberty Profile (Default HTTPS port : 9443)
  • Server 4 (Host-name: ccm.example.org): CCM installed with bundled default Liberty Profile (Default HTTPS port : 9443)
  • Server 5 (Host-name: qm.example.org): QM installed with bundled default Liberty Profile (Default HTTPS port : 9443)
  • Server 6 (Host-name: db.example.org): Oralce database
  • Server 7 (Host-name: ldap.example.org): Ldap 

All the applications are running fine. But when i am going to implement SSO none of my applications are running. I have followed the following procedure for SSO.

  • Stopped all the servers including IHS
  • Export LTPA keys from Liberty Profile hosting JTS (server 2) application and import them to Liberty Profiles hosting rest of the CLM applications ( server 3, server 4, server 5)
  • Edited the server.xml file of each liberty profile and add the following parameters under <webAppSecurity ssoRequiresSSL="true"/>
        <webAppSecurity singleSignonEnabled="true"/>
       <webAppSecurity ssoDomainNames="example.org" />
       <ltpa keysFileName="resources/security/ltpa.keys" keysPassword="WebAS" expiration="120" />
  • Each instance of WebSphere Liberty/Full Profile is using the same user registry
  • After making all the changes i restarted all the servers. Now when i am going to open the JTS page using browser i am facing the issue "Service is currently unavailable".  I revert back all the changes and access the JTS application and its working fine without SSO.
Kindly guide me how i can enable SSO on liberty profile. I followed the following technote:


0 votes

1 answer
2,315 views
0 votes

One answer

Permanent link
Donald Nong
(14.5k614) Nov 11 '16, 4:20 a.m.
The fact that you could not even see JTS suggests that you made some mistakes with the server.xml file (and Liberty could not start up properly). I suggest you make the changes to JTS server first, and make sure you can access JTS after the change, and then move on to the next one.

I did a quick test and had no problems with the configuration (Liberty SSO across two machines). The instructions are easy enough to follow.

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 7,503

Question asked: Nov 09 '16, 5:44 a.m.

Question was seen: 2,315 times

Last updated: Nov 11 '16, 4:20 a.m.

Confirmation Cancel Confirm