Wednesday, July 23, 2008

LTPA between WebSeal and WebSphere Portal

As usually, I find things on my own, the hard way. If you are trying to set-up LTPA SSO between the WebSeal reverse proxy controlled by TAM and WebSphere Portal, check this technote: http://www-1.ibm.com/support/docview.wss?uid=swg21198736

What are they trying to say in above article, is that if you use 'WPSConfig enable-security-wmmur-ldap', you'd better be aware that LTPA keys exported from Portal's WAS in order to be imported in other places (Domino, WebSeal, whatever) needs a modification:

from com.ibm.websphere.ltpa.Realm=null to com.ibm.websphere.ltpa.Realm=WMMRealm

If you want to change this permanently, then follow the article to set that property to WMMRealm for good, so that other exports of LTPA keys from WAS would keep it in the file.

If we're on the subject, be aware as well that accessing WebSphere Portal through WebSeal is done via:
http://{webseal_host}/{junction}/wps/myportal

instead of the default Portal url:

http://{portal_host}:port/wps/portal

Once you get through WebSeal, you need to access the private place of the Portal, which is /myportal, by default. If you are accessing /portal, you're prompted for login, even though you're already authenticated.

No comments: