Start with Federated Realm, move to LDAP later?

Francis Kemp (72●1●29●44) | asked Sep 06 '12, 4:14 p.m.

I'm getting ready to install CLM for a customer using an Enterprise topology (JTS, CCM, QM and RM on their own virtual server). Unfortunately, the virtual infrastructure can't access the corporate LDAP server because it hasn't been 'blessed'. I'm leaning toward using a Federated Realm for users initially, then moving to LDAP in the future after the infrastructure gets blessed.

Question 1: How much pain will be involved in moving from a Federated Realm to LDAP? The same user IDs will be used in both scenarios.

Question 2: My understanding is that each Virtual Server needs to be configured to access LDAP or the Federated Realm. If Single SignOn is configured, shouldn't only the JTS server need to be configured to contact the user repository?

One answer

Most liked answers ↑|Newest answers|Oldest answers

permanent link

Stephanie Bagot (2.1k●1●5●13) | answered Jul 22 '13, 12:31 p.m.
FORUM MODERATOR / JAZZ DEVELOPER

With regards to your questions:
1- the most important part will be ensuring that the usernames and IDs are correct so that they can easily be authenticated into LDAP (when you move to LDAP) without losing any history.

2- Authentication and Authorization is handled by Tomcat/Websphere. Each application will need the configuration files to be able to access LDAP. Even with single sign on, the configuration is still needed.

Comments

Mathieu Defianas commented Nov 09 '16, 8:10 a.m.

Hello,
I have the same question for the opposal ...
I would like to change LDAP connection to Federated.
What is the impact ?
Thanks for your feedback
Mathieu

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

It's all about the answers!

Related questions

Start with Federated Realm, move to LDAP later?

One answer

Your answer