authentication, authorization and other federated assertions


mark connolly (61) | asked Jan 06 '12, 1:32 p.m.
I am attempting to understand the feasibility of using SAML security tokens for access management. Assuming a repository deployment on WebSphere Application Server, what are the chances that an authenticated session can be established using a SAML token? Can authorization assertions be used for dynamically granting roles in the repository? Has anyone successfully used SAML or some other SSO or federation mechanism to replace the login screen? The administration of roles? Setting other user attributes in the system?

6 answers



Kim Soederhamn (1.5k24348) | answered Jan 06 '12, 7:25 p.m.
Hi Mark,

I have no experience with SAML - but I do know you can use a single sign on across the Jazz platform by using WAS and LDAP. Can that work for you?

mark connolly (61) | answered Jan 09 '12, 7:58 a.m.

Thanks for the reply. I think you are referring to a configuration of WAS with LDAP supplying authentication and access control? I can configure the application to use my LDAP (Active Directory, in this case) to perform authentication binds and to perform lookups for security group membership. I would like to take WAS and the Jazz server out of the business of initial authentication and access control and move those concerns to the infrastructure. Specifically, I am trying to use federated identity and authorization services across domains (TFIM and TAM) for using a third party site for hosting Rational products. I want my infrastructure to retain control of authentication and authorization without having the third party getting user IDs and passwords from end users. If I can get authentication, that will be a step forward. Reads for roles from the directory are less concerning from a security perspective and do help centralize control.

Thoughts?

Dale Nilsson (11) | answered Aug 30 '12, 10:59 a.m.
I have a customer that is interested in using SAML with WAS instead of directly calling LDAP. This is for a RAM install, but I can see it could be used for other WAS-based tools like RTC. Would be nice to know if this is a supported configuration; since SAML is supported in WAS, hopefully it would be supported in Rational tools. Has there been any usage or testing of SAML and any of the WAS-based products?

Benjamin Chodroff (8985231) | answered Mar 25 '13, 8:55 a.m.
I have multiple CLM customers asking for SAML support. Please see this work item to add your support for this feature:
https://jazz.net/jazz/web/projects/Jazz%20Foundation#action=com.ibm.team.workitem.viewWorkItem&id=250779

Comments
Robert Carter commented Jul 14 '14, 3:02 p.m.

Have you gotten news on progress of this issue?


Manoj Panda (39346762) | answered May 19 '15, 3:15 a.m.
JAZZ DEVELOPER
Looks like as of now CLM does not support it.

Rosa Naranjo (2.9k11623) | answered Feb 17 '16, 4:01 p.m.
FORUM MODERATOR / JAZZ DEVELOPER
