
Configure Single Sign-on for WebSphere Portal V5.0.2 and DB2 Content Manager V8.2 Using LDAP and LtpaTokens


Abstract

Configure single sign-on for WebSphere Portal V5.0.2 and DB2 Content Manager using a common LDAP directory.

For related information about this topic, refer to the following IBM Redbooks publication:
Document Management Using WebSphere Portal V5.0.2 and DB2 Content Manager V8.2, SG24-6349-00

Contents

WebSphere Portal V5.0.2 and DB2 Content Manager V8.2 can be configured for single sign-on using a common LDAP directory as seen in the following diagram.

[Figure: Zones for Outside, Demilitarized, Production]


The following figure depicts the authentication process for both WebSphere Portal and DB2 Content Manager.

[Figure: Authentication process for WebSphere Portal and DB2 Content Manager]

When WebSphere Portal is configured to use an LDAP-compliant directory, the authentication request is processed as follows:

1. A user submits credentials to WebSphere Portal.

2. The WebSphere Portal performs user authentication against the LDAP service.

3. When authentication is successful, the user is identified to the WebSphere Portal resources.

When DB2 Content Manager is configured to use an LDAP directory, the authentication request is processed as follows:

A. A user submits a DB2 Content Manager access request, and the portlet accesses the LDAP service to get the user credentials.

B. The user credentials are programmatically submitted to the Library Server.

C. The Library Server authenticates the user’s credentials against the external LDAP service.

D. When authentication is successful, the user is identified to DB2 Content Manager resources.

WebSphere Application Server automatically generates LTPA tokens when security is enabled. As WebSphere Portal re-uses the WebSphere Application Server security services, the LTPA tokens are present in the user’s session and can be retrieved programmatically.

The credential can then be passed to DB2 Content Manager through the DB2 Information Integrator for Content Java™ APIs, so the user identity is carried between the two applications without requiring any other form of authentication.

DB2 Content Manager must be configured to receive trusted connections (for example, LTPA tokens), and individual users must have the appropriate privileges to utilize this authentication mechanism.

Special Notices

This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a client responsibility and depends upon the client's ability to evaluate and integrate them into the client's operational environment.

Profile

Publish Date
21 October 2004



IBM Form Number
TIPS0452