Configuring for single sign-on

In order to launch from Control Desk to TADDM without logging in again, you must configure several components to work together.

Before you begin

The term single sign-on refers to the ability to launch from the Control Desk Actual Configuration Items application to one of the TADDM interfaces that provides more information about a particular configuration item, without having to sign in to the TADDM interface. To use single sign-on, Control Desk must be configured to use WebSphere® application security. Also, your TADDM server must be configured to use the same directory server that Control Desk uses, through the Virtual Member Manager on the Control Desk J2EE server.

About this task

The credentials that were supplied when logging in to Control Desk are reused to log in to TADDM. The user ID that you use to launch between Control Desk and TADDM must have all the correct privileges to view data in both applications.

Follow these steps to configure Control Desk and TADDM to enable single sign-on:

Procedure

  1. Configure the J2EE server to enable the single-sign-on capability.
  2. Configure your browser to enable the single-sign-on capability.
  3. Configure the connection between the authentication server and the authentication client.
  4. Optionally, configure the connection between the authentication server and the authentication client to use the Secure Sockets Layer (SSL) protocol.

What to do next

Note: Single sign-on authentication uses time-sensitive tokens. You must verify that the time, date, and time zone are synchronized among all authentication service and WebSphere servers that are participating in the protected domain. If the clock difference is too high between servers, the single sign-on token can expire prematurely on some servers and cause authentication or validation failures. WebSphere and authentication service-based single sign-on tokens are assigned a lifetime of two hours by default. For best results, servers must be synchronized to within 5 minutes to ensure that single sign-on tokens are evaluated consistently.


Feedback