Configuring SSO between IBM Connections and FileNet cells
Single sign-on between IBM FileNet Collaboration Services and IBM Connections is mandatory for use of the Library widget.
Single sign-on between IBM FileNet Collaboration Services and IBM Connections is not mandatory for use of the Linked Library widget, but is supported and always preferable for a better user experience.
Single sign-on provides the usage of the user credentials between IBM Connections and FileNet without the need of authenticating again
Checking the SSO domain
First of all, you must check the defined domain for the SSO, and confirm it is correct and common to both IBM Connections and FileNet servers
- Log into IBM Connections DMGR console.
- Navigate to security > global security > web and sip security > single sign on
- Verify the domain configuration. The domain name should be part of the url common to both IBM Connections and FileNet URLs. This value should begin with a ".". In our case, the correct value is ".edifixio-online.com".
- Repeat the same operations in the FileNet WebSphere Application Server console and confirm SSO domain name is correctly configured
Exchanging LTPA keys between servers
To decode the LTPA token provided by the other server, IBM Connections and FileNet servers requires a common key.
In this sample, we export the IBM Connections LTPA key and import it into FileNet server.
You could get to the same result exporting the key from the FileNet server and importing it into IBM Connections
Exporting IBM Connections LTPA keys
1. Log into
IBM Connections DMGR console.
2. Navigate to security > global security > LTPA
In cross cell single sign on
, fill in a password and a destination file to export the keys to. Click export keys.
Importing LTPA keys in FileNet server
1. Copy the destination file the keys have been exported to on the IBM Connections server to the FileNet server
2. Log into FileNet WebSphere Application Server administration console.
3. Navigate to security > global security > LTPA
In cross cell single sign on, fill in the password used to export the keys from IBM Connections servern and the keys file location, and click import keys.
Confirm the keys have been correctly imported, then click Save.
4. Synchronize the nodes.
5. Stop all FileNet application servers, FileNet nodeagent, and FileNet DMGR.
6. Start FileNet DMGR, FileNet nodeagent, and FileNet application servers.