This document contains the step-by-step instructions to configure single sign-on (SSO) for IBM FileNet Workplace XT by using IBM Tivoli Access Manager and WebSEAL on WebSphere Application Server.
To configure single sign-on integration between Tivoli Access Manager for e-business and IBM FileNet Workplace XT:
- Complete the pre-deployment tasks.
- Configure and deploy IBM Workplace XT with Tivoli Access Manager and WebSEAL.
- Verify the deployment of IBM Workplace XT with Tivoli Access Manager and WebSEAL.
Completing the pre-deployment tasks
1. Install and configure IBM Tivoli Access Manager for e-business by using the IBM Tivoli Access Manager for e-business V6.1 Installation Guide. See IBM Tivoli Access Manager for e-business Version 6.1.1 documentation for more information.
You must install the three components of IBM Tivoli Access Manager:
- Policy Server
- Authorization Server
2. Install and configure IBM FileNet P8 Content Engine (CE) and IBM FileNet P8 Workplace XT. See Product Documentation for FileNet P8 for more information.
3. You should configure the LTPA SSO on the WebSphere Application Server on which Workplace XT and Content Engine applications are installed. To synchronize the keys, you should export the key from the instance of WebSphere Application Server that is running Content Engine and import it into the instance of WebSphere Application Server that is running Workplace XT.
The following items contain information that will help configure and deploy Workplace XT with Tivoli Access Manager:
1. Configure and deploy IBM Workplace XT first and then verify the deployment as a stand alone application before configuring Workplace XT with Tivoli Access Manager.
2. In a web browser, enter a URL with the following format: http://<WorkplaceXT_server_name>:<port_number>/<context_root>. The default context root is WorkplaceXT. For example, http://xyz.net.com:9080/WorkplaceXT
3. Configure IBM Workplace XT with IBM Tivoli Access Manager for e-business integration by following the steps provided for Application Engine in chapter 4, "Single sign-on using Tivoli Access Manager for e-business" of the Single Sign-On Solutions for IBM FileNet P8 redbook.
Important: When you refer to the Application Engine documentation:
- Replace all references to Application Engine with Workplace XT.
- Skip the step to create the junction in section 4.2.2.
- Complete all of the steps up to section 4.2.6.
4. Create a junction for IBM Workplace XT by using the server task sub command on top of the pdadmin command in the IBM Tivoli Access Manager WebSEAL server:
pdadmin>server task default-webseald - TAM_Server create -t tcp -h IBM_WorkplaceXT_host_name -p port_number -x /junction_name
pdadmin>server task default-webseald-abc.net.com create -t tcp –h xyz.net.com -p 9080 -x /WorkplaceXT
where the junction name in the example is denoted by /WorkplaceXT, the default context root for the Workplace XT web application previously deployed in the Websphere Application Server.
Tip: For more information on the syntax and the options for creating the junction, see Configuring transparent path junctions.
5. Restart the WebSphere Application server where IBM Workplace XT is installed and the WebSEAL server instance.
Verifying deployment of Workplace XT with Tivoli Access Manager
To verify the SSO deployment:
In a web browser, enter a URL with the following format: http:// <TAM Server> / context_root
The default context root is WorkplaceXT. For example,