0

Most documentations I find including the IBM connection Wiki page does not talk about implementing SSO between Java EE app and Connections.

Has anyone ever achieved this?

In the past I did manage to get away with it using CredentialVault with WebSphere portal, but it looks like getting SSO to work on a standard Java EE app is a mission. How do one resolves this issue?

The basic auth is slow and make the app to be clanky if you will be issuing multiple requests to connections.

Any one who knows a blog about this or a documentation please share.

Thakhani Tharage
  • 1,288
  • 16
  • 19

4 Answers4

1

From a security perspective OAuth is the preferred way, assuming you are just targeting Connections 4. While OAuth is not an SSO solution the token returned for Connections can be valid for a long period of time, for example 6 months. The user would only have to enter their Connections credentials again when the token expires.

Ryan Baxter
  • 1,237
  • 2
  • 8
  • 16
  • I think this might be the way to go, though it wouldn't hurt to know how the SSO implementation is done. With OAuth, is there a page/blog explaining how its implemented with C4. – Thakhani Tharage Dec 06 '12 at 07:46
0

Yes, you can use LTPATokens between WebSphere Application Servers. what appserver are you using?

the SBTSDK helps you manage the authentication mechanisms to access Connections APIs.

BasicAuth with the SDK is cached, you might want to consider it

Paul Bastide
  • 1,505
  • 4
  • 17
  • 22
  • I am using was 7 and IBM Connections 4. The idea is to deploy the enterprise application in the same server where connections is running. If you have done this before please help or point me to a blog where i can get direction on how to implement it. – Thakhani Tharage Dec 06 '12 at 07:40
0

If you can deploy your war or ear on the connections server, try to put in this JSP:

<?xml version="1.0" encoding="UTF-8" ?>
<%@ page language="java" contentType="text/xml; charset=UTF-8" pageEncoding="UTF-8"%>
<%
String  userid=request.getRemoteUser();
String widgetBody="Welcome: "+userid;
%>
<iw:iwidget id="KPIWidgets" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:iw="http://www.ibm.com/xmlns/prod/iWidget" 
supportedModes="view" lang="en" iScope="KPIWidgetsScope">
<iw:content mode="view">
<![CDATA[<%=widgetBody%>]]> 
</iw:content>
</iw:iwidget>

Make sure that the JSP is a protected resource in your web.xml (needs a security constraint). In this format you can register this JSP as the widget.xml.

If SSO is working, you should see a valid Welcome message.

mpjjonker
  • 917
  • 1
  • 6
  • 28
0

As Paul already mentioned the IBM Social Business Toolkit SDK - there is also a SSO Endpoint Connector in there. Perhaps this solves your problem out of the box?

CHH
  • 41
  • 3