This document contains the step-by-step instructions to configure single sign-on (SSO) for Workplace XT by using Tivoli Access Manager and WebSEAL.
To configure single sign-on integration between Tivoli Access Manager for e-business and IBM FileNet Workplace XT:
- Complete the pre-deployment tasks.
- Configure and deploy Workplace XT with Tivoli Access Manager and WebSEAL.
- Verify the deployment of Workplace XT with Tivoli Access Manager and WebSEAL.
Completing the pre-deployment tasks
1. Install and configure Tivoli Access Manager for e-business by using the IBM Tivoli Access Manager for e-business V6.1 Installation Guide. See IBM Tivoli Access Manager for e-business Version 6.1.1 Information Center for more information.
You must install the three components of Tivoli Access Manager:
- Policy Server
- Authorization Server
2. Install and configure IBM FileNet P8 Content Engine (CE) and IBM FileNet P8 Workplace XT. See Product Documentation for FileNet P8 for more information.
You should configure the LTPA SSO on the WebSphere Application Server on which Workplace XT and Content Engine applications are installed. To synchronize the keys, you should export the key from the instance of WebSphere Application Server that is running Content Engine and import it into the instance of WebSphere Application Server that is running Workplace XT.
3. Verify the deployment of Workplace XT by going to this URL: http://<server_name>:<port_number>/WorkplaceXT.
4. Configure Workplace XT with Tivoli Access Manager for e-business integration by following the steps provided for Application Engine in chapter 4, "Single sign-on using Tivoli Access Manager for e-business" of the Single Sign-On Solutions for IBM FileNet P8 redbook.
- Replace all references to Application Engine by Workplace XT in the steps to configure Workplace XT with Tivoli Access Manager.
- WorkpalceXT only supports transparent junctions. Therefore, the value for ssoProxyContextPath should be /. If any other value was entered, the URL ends with /<proxyname>/WorkplaceXT , which is not supported.
Configuring and deploying Workplace XT with Tivoli Access Manager
The following items contain information that will help configure and deploy Workplace XT with Tivoli Access Manager:
1. Configure and deploy Workplace XT first and then verify the deployment as a stand alone application before configuring Workplace XT with Tivoli Access Manager.
2. Create a junction for Workplace XT by using the server task sub command on top of the pdadmin command in the Tivoli Access Manager WebSEAL server:
server task default-webseald-<TAM Server> create -t tcp -h <Workplace XT hostname> -p <port_no> -i -b ignore -J trailer -f -A -F <LTPA Key> -Z <LTPA Key password> /<junction_name>
server task default-webseald-abc.net.com create -t tcp -h xyz.net.com -p 9080 -i -b ignore -J trailer -f -A -F C:\xyz.key -Z passw0rd /p8
The junction name in the previous example above is p8.
Tip: For more information on the syntax and the options for creating the junction, see Creating a junction point (server task create).
3. Restart the WebSphere Application server where Workplace XT is installed and the WebSEAL server instance.
Verifying deployment of Workplace XT with Tivoli Access Manager
To verify the SSO deployment:
- Access the following links within a web browser to verify whether Workplace XT is configured correctly with Tivoli Access Manager:
http:// <TAM Server> / WorkplaceXT
Important: You must provide the Tivoli Access Manager credentials for accessing the above link.