Hi,
I'd like to enable SSO thanks to an HTTP header through Websphere.
Our actual authentication follows this order:
- the user authenticates to an LDAP through a reverse proxy
- the user is then redirected to Websphere, which validates the user
- then, the user accesses webtop
As our system is evolving, we would like to:
#1 - skip the validation in Websphere thanks to a Trust Association Interceptor
#2 - replace the reverse proxy by another "box" (already existing) which fills the HTTP request with an HTTP header that contains user info (especially its ID)
#1 We have successfully installed a Trust Association Interceptor in Websphere.
We installed the Interceptor and changed the security to skip the validation.
Before, the validation used an LDAP that only contains users' IDs.
In webtop, we changed the authentication scheme to make the UserPrincipalAuthenticationScheme the first one.
We also set up a trusted user in the TrustedAuthenticatorCredentials.properties, added the webapp to the app.xml and activated SSO in the web.xml.
Now, when a user authenticates, he bypasses Websphere (so #1 works) but when he arrives in webtop, the authentication scheme used is not the first one, but the second.
So, it seems that the user can't log in thanks to the UserPrincipalAuthenticationScheme. I couldn't find any log.
As we are going to use an HTTP header that contains the user ID, should we use the UserPrincipalAuthenticationScheme? Or is there any way that best fits our needs?
Did we miss something?
Is there a way to trace precisely the authentication?
[Edit September 30th]
There is a document about Principal Authentication with Websphere: https://www.emc.com/collateral/software/white-papers/h8213-j2ee-webtop-wp.pdf
I'm going to make some tests, but not with the user.prop and the group.prop files.
We have too many users for that solution.
Thank you.
This message was edited by: Wilhelm_PERAUD