authentication, authorization and other federated assertions

I am attempting to understand the feasibility of using SAML security tokens for access management. Assuming a repository deployment on WebSphere Application Server, what are the chances that an authenticated session can be established using a SAML token? Can authorization assertions be used for dynamically granting roles in the repository? Has anyone successfully used SAML or some other SSO or federation mechanism to replace the login screen? The administration of roles? Setting other user attributes in the system?

0 votes



6 answers

Permanent link


Hi Mark,

I have no experience with SAML - but I do know you can use a single sign on across the Jazz platform by using WAS and LDAP. Can that work for you?

0 votes


Permanent link



Thanks for the reply. I think you are referring to a configuration of WAS with LDAP supplying authentication and access control? I can configure the application to use my LDAP (Active Directory, in this case) to perform authentication binds and to perform lookups for security group membership. I would like to take WAS and the Jazz server out of the business of initial authentication and access control and move those concerns to the infrastructure. Specifically, I am trying to use federated identity and authorization services across domains (TFIM and TAM) for using a third party site for hosting Rational products. I want my infrastructure to retain control of authentication and authorization without having the third party getting user IDs and passwords from end users. If I can get authentication, that will be a step forward. Reads for roles from the directory are less concerning from a security perspective and do help centralize control.

Thoughts?

0 votes


Permanent link
I have a customer that is interested in using SAML with WAS instead of directly calling LDAP. This is for a RAM install, but I can see it could be used for other WAS-based tools like RTC. Would be nice to know if this is a supported configuration; since SAML is supported in WAS, hopefully it would be supported in Rational tools. Has there been any usage or testing of SAML and any of the WAS-based products?

0 votes


Permanent link
I have multiple CLM customers asking for SAML support. Please see this work item to add your support for this feature:
https://jazz.net/jazz/web/projects/Jazz%20Foundation#action=com.ibm.team.workitem.viewWorkItem&id=250779

0 votes

Comments

Have you gotten news on progress of this issue?


Permanent link
Looks like as of now CLM does not support it.

0 votes


Permanent link
There is now SAML support in CLM 6.0.1. See https://jazz.net/downloads/jazz-foundation/releases/6.0.1?p=news#saml601

0 votes


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means.

Question details

Question asked: Jan 06 '12, 1:32 p.m.

Question was seen: 7,972 times

Last updated: Feb 17 '16, 4:01 p.m.
