Setting up SSO and SSL for Process Portal

For remote environments where Process Portal and your product server are in different cells, set up the single sign-on (SSO) and Secure Sockets Layer (SSL) configuration manually.

Before you begin

Before you complete this task, you must have completed the following tasks:

Tip: If you have separate cells configured, make sure that SSO considerations are taken into account (including that LTPA keys are in sync, shared user names/realm names are in sync, and certificates are imported as appropriate). In some cases, with IBM Business Process Manager, there might be multiple repositories in the realm, which might result in a realm-mismatch error. See Managing the realm in a federated repository configuration in the WebSphere Application Server documentation.

Procedure

  1. If Process Portal is remote from where your product is running, and if the node where Process Portal is running and the node where your product is running are not in the same cell, you must complete manual steps to make sure that SSO is enabled. For example, if you are using more than one product, the servers are on different nodes, and you want them all to be able to work with the Business Space server, you must manually configure SSO. To enable SSO, complete the following steps:
    1. On the administrative console for each server, open the Global security page by clicking Security > Global security. Expand Web and SIP security, click Single sign-on (SSO), and make sure that the Enabled check box is selected.
    2. Make sure that all the nodes use the same User account repository information.
    3. Follow the steps in Import and export keys in the WebSphere Application Server information center.
  2. If you are using HTTPS in the endpoints file, the endpoint location is on a different node than Process Portal, and the SSL certificate is a self-signed SSL certificate, you must import it.

    Make sure that the signers are configured in the appropriate truststores for the Process Portal server and the IBM® Business Process Manager server. See Secure communications using Secure Sockets Layer (SSL) in the WebSphere Application Server information center.

    For more information about SSO and SSL, see the WebSphere® Application Server information center.
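
The following check is an added example, not part of the original IBM documentation: it compares two exported LTPA key files to confirm that the realm name and public key match across cells, as step 1 and the tip above require. The property names are those of a WebSphere LTPA key export; the cell names, realm values, and key strings are constructed, and skipping the password-encrypted entries is an assumption.

```python
import re

# Fields compared. Assumption: the 3DESKey and PrivateKey entries are stored
# encrypted under the export password, so they are skipped here.
COMPARED = ("com.ibm.websphere.ltpa.Realm",
            "com.ibm.websphere.ltpa.PublicKey",
            "com.ibm.websphere.ltpa.version")

def parse_properties(text):
    """Parse the Java .properties subset used by an LTPA key export."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' or ':' that is not backslash-escaped.
        m = re.match(r"((?:\\.|[^=:\\])*)[=:](.*)", line)
        if not m:
            continue
        # Undo escapes such as '\=' and '\:' written by java.util.Properties.
        props[m.group(1).strip()] = re.sub(r"\\(.)", r"\1", m.group(2).strip())
    return props

def ltpa_mismatches(export_a, export_b):
    """Return {field: (value_a, value_b)} for compared fields that differ."""
    a, b = parse_properties(export_a), parse_properties(export_b)
    return {f: (a.get(f), b.get(f)) for f in COMPARED if a.get(f) != b.get(f)}

# Constructed sample exports (not real key material).
PORTAL_CELL = r"""#IBM WebSphere Application Server key file
com.ibm.websphere.CreationDate=Mon Jan 01 00\:00\:00 UTC 2024
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.Realm=defaultWIMFileBasedRealm
com.ibm.websphere.ltpa.PublicKey=AAAAconstructedA\=\=
"""
BPM_CELL = r"""#IBM WebSphere Application Server key file
com.ibm.websphere.CreationDate=Tue Jan 02 00\:00\:00 UTC 2024
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.Realm=ldap.example.com\:389
com.ibm.websphere.ltpa.PublicKey=AAAAconstructedA\=\=
"""

if __name__ == "__main__":
    for field, (a, b) in ltpa_mismatches(PORTAL_CELL, BPM_CELL).items():
        print(f"MISMATCH {field}: {a!r} vs {b!r}")
```

An empty result means the compared fields agree; a Realm entry in the result corresponds to the realm-mismatch condition described in the tip.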