on 2004 Sep 01 10:34 AM
Hello,
i would write a JAAS Loginmodule for Websphere. Websphere should authenticate against the SAP Enterprise Portal. The module should use the SSO2 Cookie verifing libary.
Does anybody write a JAAS Module for Websphere or have a example for this?
Best Regards,
Patrick
http://www.unternehmensportale.biz
Message was edited by: Patrick Höfer
I haven't got a JAAS login module, but I was just working on a project were we needed SSO to domino and websphere.
The way it was solved was to use the SAP Logon ticket verifier for domino to convert the SAP logon ticket to an LTPA token, and this LTPA token was then setup to be accepted on websphere.
This was done on an "empty" iview which was included on the default framework page (so that it was done everytime the user logged on)
But you probably want to have it the other way around ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
> The way it was solved was to use the SAP Logon ticket
> verifier for domino to convert the SAP logon ticket
> to an LTPA token, and this LTPA token was then setup
> to be accepted on websphere.
> This was done on an "empty" iview which was included
> on the default framework page (so that it was done
> everytime the user logged on)
Hello Dagfinn,
thanks for your fast answer. The first paragraph i understand. You have a Domino verifyer that can check the SAPLogon Tickets.
But what did you done in the "empty" iView? An iView runs in the SAP Portal. But what is the job of the SAP Portal in your scenario? The Cookie validation was done by the Domino Server. For what you need the empty iView?
Best regards,
Patrick
Sorry, the empty iview was a bit mysterious
What the iview is doing is to fetch an 1x1 gif image which is on the domino server. This forces the generation of the LTPA token which is therefore given to the user directly after logon.
The reason why we need it, is that the user might access a page which references to websphere, before he has accessed any page on domino (which automatically creates the LTPA token). Without the "empty" iview the user would then not have the LTPA token (and there is no plugin for websphere to validate SAP logon tickets).
The reason why this solution was chosen was due to the fact the the LTPA SSO between domino and websphere allready existed.
A possible solution is to use the apache specific filter on the IBM http server in front of websphere (which is just a minor modified apache server) to convert the sap logon tickets. But I haven't heard of anyone doing this
Hello Dagfinn,
The reason why we need it, is that the user might
access a page which references to websphere, before
he has accessed any page on domino (which
automatically creates the LTPA token). Without the
"empty" iview the user would then not have the LTPA
token (and there is no plugin for websphere to
validate SAP logon tickets).
Ah, now i understand the strange "Empty iView" :-).
A possible solution is to use the apache specific
filter on the IBM http server in front of websphere
(which is just a minor modified apache server) to
convert the sap logon tickets. But I haven't heard of
anyone doing this
I see the Apache SSO-Cookie Filter in some presentations. But i didnt Found it here.
I think the Jaas login module for Websphere is the best solution. I do it this way.
Best regards,
Patrick
Message was edited by: Patrick Höfer
User | Count |
---|---|
63 | |
10 | |
7 | |
7 | |
6 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.