Foros de discusión

  1. Inicio
  2. Portal
  3. Enabling Single Sign On using tivoli access manager

Enabling Single Sign On using tivoli access manager

ratna prasad kakani, modificado hace 13 años.

Enabling Single Sign On using tivoli access manager

New Member Mensajes: 11 Fecha de incorporación: 2/11/10 Mensajes recientes
Hai,

How can a liferay portal can be configured beyond tivoli access manager for enabling single sign on.

regards
thumbnail
Jonas X. Yuan, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

Liferay Master Mensajes: 993 Fecha de incorporación: 27/04/07 Mensajes recientes
It is possible in general.

but It would be nice to know your detailed requirements.

Thanks

Jonas Yuan
ratna prasad kakani, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

New Member Mensajes: 11 Fecha de incorporación: 2/11/10 Mensajes recientes
Hi Jonas,

thanks for your reply,

We are using liferay 6.0.5 community edition, the login to liferay should be authenticated via Tivoli access manager.

till now what we have done to configure both liferay and TAM is

We have created and standard junction in TAM by giving liferay url and username and password.

when we access Tivoli access manager login page after providing username and password configured in TAM it is redirecting liferay login page, instead of home page.

we are unable to find out where the problem is and what went wrong.


regards
ratna prasad kakani, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

New Member Mensajes: 11 Fecha de incorporación: 2/11/10 Mensajes recientes
Hai

Can we use site minder hook for integrating liferay with TAM
thumbnail
Mika Koivisto, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

Liferay Legend Mensajes: 1519 Fecha de incorporación: 7/08/06 Mensajes recientes
Yes, you can do that. Basically the integration can work by making TAM provide the user name as header and then configure SiteMinderAutoLogin to authenticate based on that header.

The only thing you are then left to handle is logout. You need to create a post logout action that will redirect the user to TAM logout url.
ratna prasad kakani, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

New Member Mensajes: 11 Fecha de incorporación: 2/11/10 Mensajes recientes
hi mika,

thank you, we will try and comment on it.

regards
ratna prasad kakani, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

New Member Mensajes: 11 Fecha de incorporación: 2/11/10 Mensajes recientes
hai,

i didnt worked out.

[forms-sso-login-pages]

we are trying to create a standard junction in tam with the following parameters

login-page-stanza = test

login-page = http://tivtrng1/newpheonix/web/guest
login-form-action = http://tivtrng2/user/joebloggs/home

gso-resource = junctionname


argument-stanza = args-for-login-page-one


[args-for-login-page-one]


login= gso:username

password= gso:password

#idssserver= string:server1

i dont know where we went wrong
ratna prasad kakani, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

New Member Mensajes: 11 Fecha de incorporación: 2/11/10 Mensajes recientes
Hai all,

this is the explanation from tivoli people regarding liferay integration.

This is being generated due to incorrect "login-page" specified in the
junction's FSSO configuration file.

Please see the following :

DCF Document ID: 1174236 - IBM Tivoli Access Manager for e-business:
Problem with FSSO receiving error DPWWA2016E
Problem Desc: While trying to use Forms Single Sign On an error is
displayed when one tries to access a page that would have caused FSSO to
activate. The error displayed on the web browser reads: DPWWA2016E No
HTML form for single-sign-on was found.

Solution: This occurs when no HTML form with an action URI matching the
login-form-action was found in the document returned from the junction.

For example with the following truncated FSSO conf file:
[forms-sso-login-pages]
login-page-stanza = test1
[test1]
login-page = /login1.html
login-form-action = /login.cgi
gso-resource =
argument-stanza = login1

What this means is that WebSEAL will intercept any page that matches the
string in login-page in this case /login.html and looks for a form with
the action login-form-action in this case /login.cgi If WebSEAL can not

find the form specified in the FSSO config file then it will give the
error you reported.

To fix this examine the login page being returned from the junction.
Is it an HTML or WML document?
Does it contain an HTML form?
Does the form action URI match the login-form-action entry in the forms
SSO configuration file?

any abody help me in fixing the problem.

regards
ratna prasad kakani, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

New Member Mensajes: 11 Fecha de incorporación: 2/11/10 Mensajes recientes
we are trying to create a tam junction with the following parameters

[forms-sso-login-pages]
login-page-stanza = pho
[pho]
login-page = /web/guest*
login-form-action = http://125.62.194.62/web/guest/home\?p_auth*
gso-resource = newphoenix
argument-stanza = args-for-login-page-one
[args-for-login-page-one]
_58_login = gso:username
_58_password = gso:password

could any body tell me was there any wrong in the parameters.
thumbnail
Mika Koivisto, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

Liferay Legend Mensajes: 1519 Fecha de incorporación: 7/08/06 Mensajes recientes
I'm not that familiar with the TAM config but I would expect to see /pkmslogin.form or similar in the login page. Although you can configure it to allow all traffic to Liferay and specify a liferay page as the login page. Then you need to have a login portlet that posts to the login url of TAM.
ratna prasad kakani, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

New Member Mensajes: 11 Fecha de incorporación: 2/11/10 Mensajes recientes
Hai,

this is query from TAM people.

Actually why login-page=/pkmslogin.form

Is backend server webseald?
thumbnail
Hugh Martin, modificado hace 13 años.

RE: Enabling Single Sign On using tivoli access manager

Junior Member Mensajes: 75 Fecha de incorporación: 15/06/10 Mensajes recientes
Did you ever get this working?
ratna prasad kakani, modificado hace 12 años.

RE: Enabling Single Sign On using tivoli access manager

New Member Mensajes: 11 Fecha de incorporación: 2/11/10 Mensajes recientes
no, i am unable to do the integration
thumbnail
Mika Koivisto, modificado hace 12 años.

RE: Enabling Single Sign On using tivoli access manager

Liferay Legend Mensajes: 1519 Fecha de incorporación: 7/08/06 Mensajes recientes
The SSO should be fairly simple using SiteMinderAutoLogin or HeaderAutoLogin hooks. Basically TAM just needs to pass a header to Liferay and Liferay authenticates the user based on that header. Usually you also need to configure Liferay to use LDAP to pull the user profile info.
thumbnail
Ranga Rao Bobbili, modificado hace 11 años.

RE: Enabling Single Sign On using tivoli access manager

Regular Member Mensajes: 152 Fecha de incorporación: 20/07/07 Mensajes recientes
Hi All,

Any success on TAM and liferay integration. I am unable to integrate TAM webseal integration with liferay(tried using SiteminderAutoLogin).

I saw so many message board threads, but i didn't find the success.

Could you please provide me the valuable inputs to achieve this feature.

My development Environment:
Liferay Portal 6.1, Jboss

Thanks in advance.........

Best Regards,
Ranga Rao Bobbili
Adaequare INC
Deepanshu Seth, modificado hace 8 años.

RE: Enabling Single Sign On using tivoli access manager

Junior Member Mensajes: 55 Fecha de incorporación: 12/10/15 Mensajes recientes
Hi,

Do we have any Steps to integrate Liferay with Tivoli/Security Access Manager on Windows.

Regards,
Deepanshu