構造的に表示 平面上に表示 ツリー上に表示
スレッド [ 前へ | 次へ ]
toggle
ratna prasad kakani
Enabling Single Sign On using tivoli access manager
2011/01/21 20:09
答え

ratna prasad kakani

ランク: New Member

投稿: 11

参加年月日: 2010/11/02

最近の投稿

Hai,

How can a liferay portal can be configured beyond tivoli access manager for enabling single sign on.

regards
Jonas Yuan
RE: Enabling Single Sign On using tivoli access manager
2011/01/22 0:00
答え

Jonas Yuan

ランク: Liferay Master

投稿: 993

参加年月日: 2007/04/26

最近の投稿

It is possible in general.

but It would be nice to know your detailed requirements.

Thanks

Jonas Yuan
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
2011/01/23 18:50
答え

ratna prasad kakani

ランク: New Member

投稿: 11

参加年月日: 2010/11/02

最近の投稿

Hi Jonas,

thanks for your reply,

We are using liferay 6.0.5 community edition, the login to liferay should be authenticated via Tivoli access manager.

till now what we have done to configure both liferay and TAM is

We have created and standard junction in TAM by giving liferay url and username and password.

when we access Tivoli access manager login page after providing username and password configured in TAM it is redirecting liferay login page, instead of home page.

we are unable to find out where the problem is and what went wrong.


regards
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
2011/01/25 1:41
答え

ratna prasad kakani

ランク: New Member

投稿: 11

参加年月日: 2010/11/02

最近の投稿

Hai

Can we use site minder hook for integrating liferay with TAM
Mika Koivisto
RE: Enabling Single Sign On using tivoli access manager
2011/01/27 14:44
答え

Mika Koivisto

LIFERAY STAFF

ランク: Liferay Legend

投稿: 1499

参加年月日: 2006/08/07

最近の投稿

Yes, you can do that. Basically the integration can work by making TAM provide the user name as header and then configure SiteMinderAutoLogin to authenticate based on that header.

The only thing you are then left to handle is logout. You need to create a post logout action that will redirect the user to TAM logout url.
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
2011/01/27 19:28
答え

ratna prasad kakani

ランク: New Member

投稿: 11

参加年月日: 2010/11/02

最近の投稿

hi mika,

thank you, we will try and comment on it.

regards
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
2011/01/28 4:58
答え

ratna prasad kakani

ランク: New Member

投稿: 11

参加年月日: 2010/11/02

最近の投稿

hai,

i didnt worked out.

[forms-sso-login-pages]

we are trying to create a standard junction in tam with the following parameters

login-page-stanza = test

login-page = http://tivtrng1/newpheonix/web/guest
login-form-action = http://tivtrng2/user/joebloggs/home

gso-resource = junctionname


argument-stanza = args-for-login-page-one


[args-for-login-page-one]


login= gso:username

password= gso:password

#idssserver= string:server1

i dont know where we went wrong
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
2011/02/07 9:21
答え

ratna prasad kakani

ランク: New Member

投稿: 11

参加年月日: 2010/11/02

最近の投稿

Hai all,

this is the explanation from tivoli people regarding liferay integration.

This is being generated due to incorrect "login-page" specified in the
junction's FSSO configuration file.

Please see the following :

DCF Document ID: 1174236 - IBM Tivoli Access Manager for e-business:
Problem with FSSO receiving error DPWWA2016E
Problem Desc: While trying to use Forms Single Sign On an error is
displayed when one tries to access a page that would have caused FSSO to
activate. The error displayed on the web browser reads: DPWWA2016E No
HTML form for single-sign-on was found.

Solution: This occurs when no HTML form with an action URI matching the
login-form-action was found in the document returned from the junction.

For example with the following truncated FSSO conf file:
[forms-sso-login-pages]
login-page-stanza = test1
[test1]
login-page = /login1.html
login-form-action = /login.cgi
gso-resource =
argument-stanza = login1

What this means is that WebSEAL will intercept any page that matches the
string in login-page in this case /login.html and looks for a form with
the action login-form-action in this case /login.cgi If WebSEAL can not

find the form specified in the FSSO config file then it will give the
error you reported.

To fix this examine the login page being returned from the junction.
Is it an HTML or WML document?
Does it contain an HTML form?
Does the form action URI match the login-form-action entry in the forms
SSO configuration file?

any abody help me in fixing the problem.

regards
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
2011/02/14 19:48
答え

ratna prasad kakani

ランク: New Member

投稿: 11

参加年月日: 2010/11/02

最近の投稿

we are trying to create a tam junction with the following parameters

[forms-sso-login-pages]
login-page-stanza = pho

login-page = /web/guest*
login-form-action = http://125.62.194.62/web/guest/home\?p_auth*
gso-resource = newphoenix
argument-stanza = args-for-login-page-one
[args-for-login-page-one]
_58_login = gso:username
_58_password = gso:password

could any body tell me was there any wrong in the parameters.
Mika Koivisto
RE: Enabling Single Sign On using tivoli access manager
2011/02/17 15:54
答え

Mika Koivisto

LIFERAY STAFF

ランク: Liferay Legend

投稿: 1499

参加年月日: 2006/08/07

最近の投稿

I'm not that familiar with the TAM config but I would expect to see /pkmslogin.form or similar in the login page. Although you can configure it to allow all traffic to Liferay and specify a liferay page as the login page. Then you need to have a login portlet that posts to the login url of TAM.
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
2011/02/17 22:55
答え

ratna prasad kakani

ランク: New Member

投稿: 11

参加年月日: 2010/11/02

最近の投稿

Hai,

this is query from TAM people.

Actually why login-page=/pkmslogin.form

Is backend server webseald?
Hugh Martin
RE: Enabling Single Sign On using tivoli access manager
2011/04/14 8:27
答え

Hugh Martin

ランク: Junior Member

投稿: 75

参加年月日: 2010/06/15

最近の投稿

Did you ever get this working?
ratna prasad kakani
RE: Enabling Single Sign On using tivoli access manager
2011/05/02 8:02
答え

ratna prasad kakani

ランク: New Member

投稿: 11

参加年月日: 2010/11/02

最近の投稿

no, i am unable to do the integration
Mika Koivisto
RE: Enabling Single Sign On using tivoli access manager
2011/05/03 12:12
答え

Mika Koivisto

LIFERAY STAFF

ランク: Liferay Legend

投稿: 1499

参加年月日: 2006/08/07

最近の投稿

The SSO should be fairly simple using SiteMinderAutoLogin or HeaderAutoLogin hooks. Basically TAM just needs to pass a header to Liferay and Liferay authenticates the user based on that header. Usually you also need to configure Liferay to use LDAP to pull the user profile info.
Ranga Rao Bobbili
RE: Enabling Single Sign On using tivoli access manager
2013/02/20 8:00
答え

Ranga Rao Bobbili

ランク: Regular Member

投稿: 148

参加年月日: 2007/07/20

最近の投稿

Hi All,

Any success on TAM and liferay integration. I am unable to integrate TAM webseal integration with liferay(tried using SiteminderAutoLogin).

I saw so many message board threads, but i didn't find the success.

Could you please provide me the valuable inputs to achieve this feature.

My development Environment:
Liferay Portal 6.1, Jboss

Thanks in advance.........

Best Regards,
Ranga Rao Bobbili
Adaequare INC