Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
ratna prasad kakani
Enabling Single Sign On using tivoli access manager
January 21, 2011 8:09 PM
Answer

ratna prasad kakani

Rank: New Member

Posts: 11

Join Date: November 2, 2010

Recent Posts

Hai,

How can a liferay portal can be configured beyond tivoli access manager for enabling single sign on.

regards
Jonas Yuan
RE: Enabling Single Sign On using tivoli access manager
January 22, 2011 12:00 AM
Answer

Jonas Yuan

Rank: Liferay Master

Posts: 993

Join Date: April 26, 2007

Recent Posts

It is possible in general.

but It would be nice to know your detailed requirements.

Thanks

Jonas Yuan
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
January 23, 2011 6:50 PM
Answer

ratna prasad kakani

Rank: New Member

Posts: 11

Join Date: November 2, 2010

Recent Posts

Hi Jonas,

thanks for your reply,

We are using liferay 6.0.5 community edition, the login to liferay should be authenticated via Tivoli access manager.

till now what we have done to configure both liferay and TAM is

We have created and standard junction in TAM by giving liferay url and username and password.

when we access Tivoli access manager login page after providing username and password configured in TAM it is redirecting liferay login page, instead of home page.

we are unable to find out where the problem is and what went wrong.


regards
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
January 25, 2011 1:41 AM
Answer

ratna prasad kakani

Rank: New Member

Posts: 11

Join Date: November 2, 2010

Recent Posts

Hai

Can we use site minder hook for integrating liferay with TAM
Mika Koivisto
RE: Enabling Single Sign On using tivoli access manager
January 27, 2011 2:44 PM
Answer

Mika Koivisto

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1499

Join Date: August 7, 2006

Recent Posts

Yes, you can do that. Basically the integration can work by making TAM provide the user name as header and then configure SiteMinderAutoLogin to authenticate based on that header.

The only thing you are then left to handle is logout. You need to create a post logout action that will redirect the user to TAM logout url.
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
January 27, 2011 7:28 PM
Answer

ratna prasad kakani

Rank: New Member

Posts: 11

Join Date: November 2, 2010

Recent Posts

hi mika,

thank you, we will try and comment on it.

regards
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
January 28, 2011 4:58 AM
Answer

ratna prasad kakani

Rank: New Member

Posts: 11

Join Date: November 2, 2010

Recent Posts

hai,

i didnt worked out.

[forms-sso-login-pages]

we are trying to create a standard junction in tam with the following parameters

login-page-stanza = test

login-page = http://tivtrng1/newpheonix/web/guest
login-form-action = http://tivtrng2/user/joebloggs/home

gso-resource = junctionname


argument-stanza = args-for-login-page-one


[args-for-login-page-one]


login= gso:username

password= gso:password

#idssserver= string:server1

i dont know where we went wrong
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
February 7, 2011 9:21 AM
Answer

ratna prasad kakani

Rank: New Member

Posts: 11

Join Date: November 2, 2010

Recent Posts

Hai all,

this is the explanation from tivoli people regarding liferay integration.

This is being generated due to incorrect "login-page" specified in the
junction's FSSO configuration file.

Please see the following :

DCF Document ID: 1174236 - IBM Tivoli Access Manager for e-business:
Problem with FSSO receiving error DPWWA2016E
Problem Desc: While trying to use Forms Single Sign On an error is
displayed when one tries to access a page that would have caused FSSO to
activate. The error displayed on the web browser reads: DPWWA2016E No
HTML form for single-sign-on was found.

Solution: This occurs when no HTML form with an action URI matching the
login-form-action was found in the document returned from the junction.

For example with the following truncated FSSO conf file:
[forms-sso-login-pages]
login-page-stanza = test1
[test1]
login-page = /login1.html
login-form-action = /login.cgi
gso-resource =
argument-stanza = login1

What this means is that WebSEAL will intercept any page that matches the
string in login-page in this case /login.html and looks for a form with
the action login-form-action in this case /login.cgi If WebSEAL can not

find the form specified in the FSSO config file then it will give the
error you reported.

To fix this examine the login page being returned from the junction.
Is it an HTML or WML document?
Does it contain an HTML form?
Does the form action URI match the login-form-action entry in the forms
SSO configuration file?

any abody help me in fixing the problem.

regards
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
February 14, 2011 7:48 PM
Answer

ratna prasad kakani

Rank: New Member

Posts: 11

Join Date: November 2, 2010

Recent Posts

we are trying to create a tam junction with the following parameters

[forms-sso-login-pages]
login-page-stanza = pho

login-page = /web/guest*
login-form-action = http://125.62.194.62/web/guest/home\?p_auth*
gso-resource = newphoenix
argument-stanza = args-for-login-page-one
[args-for-login-page-one]
_58_login = gso:username
_58_password = gso:password

could any body tell me was there any wrong in the parameters.
Mika Koivisto
RE: Enabling Single Sign On using tivoli access manager
February 17, 2011 3:54 PM
Answer

Mika Koivisto

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1499

Join Date: August 7, 2006

Recent Posts

I'm not that familiar with the TAM config but I would expect to see /pkmslogin.form or similar in the login page. Although you can configure it to allow all traffic to Liferay and specify a liferay page as the login page. Then you need to have a login portlet that posts to the login url of TAM.
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
February 17, 2011 10:55 PM
Answer

ratna prasad kakani

Rank: New Member

Posts: 11

Join Date: November 2, 2010

Recent Posts

Hai,

this is query from TAM people.

Actually why login-page=/pkmslogin.form

Is backend server webseald?
Hugh Martin
RE: Enabling Single Sign On using tivoli access manager
April 14, 2011 8:27 AM
Answer

Hugh Martin

Rank: Junior Member

Posts: 75

Join Date: June 15, 2010

Recent Posts

Did you ever get this working?
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
May 2, 2011 8:02 AM
Answer

ratna prasad kakani

Rank: New Member

Posts: 11

Join Date: November 2, 2010

Recent Posts

no, i am unable to do the integration
Mika Koivisto
RE: Enabling Single Sign On using tivoli access manager
May 3, 2011 12:12 PM
Answer

Mika Koivisto

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1499

Join Date: August 7, 2006

Recent Posts

The SSO should be fairly simple using SiteMinderAutoLogin or HeaderAutoLogin hooks. Basically TAM just needs to pass a header to Liferay and Liferay authenticates the user based on that header. Usually you also need to configure Liferay to use LDAP to pull the user profile info.
Ranga Rao Bobbili
RE: Enabling Single Sign On using tivoli access manager
February 20, 2013 8:00 AM
Answer

Ranga Rao Bobbili

Rank: Regular Member

Posts: 148

Join Date: July 20, 2007

Recent Posts

Hi All,

Any success on TAM and liferay integration. I am unable to integrate TAM webseal integration with liferay(tried using SiteminderAutoLogin).

I saw so many message board threads, but i didn't find the success.

Could you please provide me the valuable inputs to achieve this feature.

My development Environment:
Liferay Portal 6.1, Jboss

Thanks in advance.........

Best Regards,
Ranga Rao Bobbili
Adaequare INC