Fórum

Enabling Single Sign On using tivoli access manager

ratna prasad kakani, modificado 13 Anos atrás.

Enabling Single Sign On using tivoli access manager

New Member Postagens: 11 Data de Entrada: 02/11/10 Postagens Recentes
Hai,

How can a liferay portal can be configured beyond tivoli access manager for enabling single sign on.

regards
thumbnail
Jonas X. Yuan, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

Liferay Master Postagens: 993 Data de Entrada: 27/04/07 Postagens Recentes
It is possible in general.

but It would be nice to know your detailed requirements.

Thanks

Jonas Yuan
ratna prasad kakani, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

New Member Postagens: 11 Data de Entrada: 02/11/10 Postagens Recentes
Hi Jonas,

thanks for your reply,

We are using liferay 6.0.5 community edition, the login to liferay should be authenticated via Tivoli access manager.

till now what we have done to configure both liferay and TAM is

We have created and standard junction in TAM by giving liferay url and username and password.

when we access Tivoli access manager login page after providing username and password configured in TAM it is redirecting liferay login page, instead of home page.

we are unable to find out where the problem is and what went wrong.


regards
ratna prasad kakani, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

New Member Postagens: 11 Data de Entrada: 02/11/10 Postagens Recentes
Hai

Can we use site minder hook for integrating liferay with TAM
thumbnail
Mika Koivisto, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

Liferay Legend Postagens: 1519 Data de Entrada: 07/08/06 Postagens Recentes
Yes, you can do that. Basically the integration can work by making TAM provide the user name as header and then configure SiteMinderAutoLogin to authenticate based on that header.

The only thing you are then left to handle is logout. You need to create a post logout action that will redirect the user to TAM logout url.
ratna prasad kakani, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

New Member Postagens: 11 Data de Entrada: 02/11/10 Postagens Recentes
hi mika,

thank you, we will try and comment on it.

regards
ratna prasad kakani, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

New Member Postagens: 11 Data de Entrada: 02/11/10 Postagens Recentes
hai,

i didnt worked out.

[forms-sso-login-pages]

we are trying to create a standard junction in tam with the following parameters

login-page-stanza = test

login-page = http://tivtrng1/newpheonix/web/guest
login-form-action = http://tivtrng2/user/joebloggs/home

gso-resource = junctionname


argument-stanza = args-for-login-page-one


[args-for-login-page-one]


login= gso:username

password= gso:password

#idssserver= string:server1

i dont know where we went wrong
ratna prasad kakani, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

New Member Postagens: 11 Data de Entrada: 02/11/10 Postagens Recentes
Hai all,

this is the explanation from tivoli people regarding liferay integration.

This is being generated due to incorrect "login-page" specified in the
junction's FSSO configuration file.

Please see the following :

DCF Document ID: 1174236 - IBM Tivoli Access Manager for e-business:
Problem with FSSO receiving error DPWWA2016E
Problem Desc: While trying to use Forms Single Sign On an error is
displayed when one tries to access a page that would have caused FSSO to
activate. The error displayed on the web browser reads: DPWWA2016E No
HTML form for single-sign-on was found.

Solution: This occurs when no HTML form with an action URI matching the
login-form-action was found in the document returned from the junction.

For example with the following truncated FSSO conf file:
[forms-sso-login-pages]
login-page-stanza = test1
[test1]
login-page = /login1.html
login-form-action = /login.cgi
gso-resource =
argument-stanza = login1

What this means is that WebSEAL will intercept any page that matches the
string in login-page in this case /login.html and looks for a form with
the action login-form-action in this case /login.cgi If WebSEAL can not

find the form specified in the FSSO config file then it will give the
error you reported.

To fix this examine the login page being returned from the junction.
Is it an HTML or WML document?
Does it contain an HTML form?
Does the form action URI match the login-form-action entry in the forms
SSO configuration file?

any abody help me in fixing the problem.

regards
ratna prasad kakani, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

New Member Postagens: 11 Data de Entrada: 02/11/10 Postagens Recentes
we are trying to create a tam junction with the following parameters

[forms-sso-login-pages]
login-page-stanza = pho
[pho]
login-page = /web/guest*
login-form-action = http://125.62.194.62/web/guest/home\?p_auth*
gso-resource = newphoenix
argument-stanza = args-for-login-page-one
[args-for-login-page-one]
_58_login = gso:username
_58_password = gso:password

could any body tell me was there any wrong in the parameters.
thumbnail
Mika Koivisto, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

Liferay Legend Postagens: 1519 Data de Entrada: 07/08/06 Postagens Recentes
I'm not that familiar with the TAM config but I would expect to see /pkmslogin.form or similar in the login page. Although you can configure it to allow all traffic to Liferay and specify a liferay page as the login page. Then you need to have a login portlet that posts to the login url of TAM.
ratna prasad kakani, modificado 13 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

New Member Postagens: 11 Data de Entrada: 02/11/10 Postagens Recentes
Hai,

this is query from TAM people.

Actually why login-page=/pkmslogin.form

Is backend server webseald?
thumbnail
Hugh Martin, modificado 12 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

Junior Member Postagens: 75 Data de Entrada: 15/06/10 Postagens Recentes
Did you ever get this working?
ratna prasad kakani, modificado 12 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

New Member Postagens: 11 Data de Entrada: 02/11/10 Postagens Recentes
no, i am unable to do the integration
thumbnail
Mika Koivisto, modificado 12 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

Liferay Legend Postagens: 1519 Data de Entrada: 07/08/06 Postagens Recentes
The SSO should be fairly simple using SiteMinderAutoLogin or HeaderAutoLogin hooks. Basically TAM just needs to pass a header to Liferay and Liferay authenticates the user based on that header. Usually you also need to configure Liferay to use LDAP to pull the user profile info.
thumbnail
Ranga Rao Bobbili, modificado 11 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

Regular Member Postagens: 152 Data de Entrada: 20/07/07 Postagens Recentes
Hi All,

Any success on TAM and liferay integration. I am unable to integrate TAM webseal integration with liferay(tried using SiteminderAutoLogin).

I saw so many message board threads, but i didn't find the success.

Could you please provide me the valuable inputs to achieve this feature.

My development Environment:
Liferay Portal 6.1, Jboss

Thanks in advance.........

Best Regards,
Ranga Rao Bobbili
Adaequare INC
Deepanshu Seth, modificado 8 Anos atrás.

RE: Enabling Single Sign On using tivoli access manager

Junior Member Postagens: 55 Data de Entrada: 12/10/15 Postagens Recentes
Hi,

Do we have any Steps to integrate Liferay with Tivoli/Security Access Manager on Windows.

Regards,
Deepanshu