Configuring Security Assertion Markup Language (SAML) security

You can configure the application server to use Security Assertion Markup Language (SAML). SAML is an authentication protocol in which your session is authenticated by an Identity Provider (IdP), which issues a signed assertion that the application server accepts, rather than directly by IBM® Maximo® Asset Management.

Before you begin

For SAML to work correctly, users must authenticate against an identity provider (IdP), and the application server must have a trust association interceptor (TAI) configured so that it accepts the assertions that the IdP issues and passes the asserted identity on to Maximo Asset Management.

Procedure

  1. Update all four web.xml files.
    1. Open the /maximo/maximouiweb/webmodule/WEB-INF/web.xml file.
    2. Set the value of the useAppServerSecurity parameter to 1.
    3. Uncomment the <security-constraint> section.
    4. Uncomment the <login-config> section for FORM login.
    5. Repeat the previous four substeps for the following files:
      • /maximo/meaweb/webmodule/WEB-INF/web.xml
      • /maximo/maxrestweb/webmodule/WEB-INF/web.xml
      • /maximo/maboweb/webmodule/WEB-INF/web.xml
  2. Rebuild and redeploy the maximo.ear file.
  3. Log in to Maximo Asset Management and go to System Configuration > Platform Configuration > System Properties.
  4. Set the mxe.useSAML property to 1.
  5. Optional: If your system does not use / as the separator between the user name and the realm or domain, set the mxe.userRealmSeparator property to the separator that you use.
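The following script is added here as a worked example and is not IBM's code or part of the product. It applies the web.xml edits from step 1 to all four modules and checks them before you rebuild the EAR, so that a module left with useAppServerSecurity=0 or with its security blocks still commented out is caught early. It assumes the layout the procedure describes (a useAppServerSecurity context parameter, and the <security-constraint> and <login-config> blocks wrapped in XML comments). The embedded sample web.xml, including its login page names, is constructed for illustration.

```python
"""Apply and check the web.xml edits from step 1 across all four Maximo web modules.

Added example, not IBM code. Assumes the layout the procedure describes: a
useAppServerSecurity context parameter, and <security-constraint> and
<login-config> blocks wrapped in XML comments. The sample web.xml below and the
login page names in it are constructed for illustration.
"""
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# The four web modules named in the procedure, relative to the maximo directory.
WEB_XML_PATHS = [
    "maximouiweb/webmodule/WEB-INF/web.xml",
    "meaweb/webmodule/WEB-INF/web.xml",
    "maxrestweb/webmodule/WEB-INF/web.xml",
    "maboweb/webmodule/WEB-INF/web.xml",
]

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)
BLOCK_RE = re.compile(
    r"<security-constraint>.*?</security-constraint>|<login-config>.*?</login-config>", re.S)
PARAM_RE = re.compile(
    r"(<param-name>\s*useAppServerSecurity\s*</param-name>\s*<param-value>)\s*\d*\s*(</param-value>)",
    re.S)


def _wanted(block: str) -> bool:
    """Keep every security-constraint, but only the FORM login-config:
    web.xml allows a single login-config, so a commented BASIC one must stay out."""
    if block.startswith("<login-config>"):
        return re.search(r"<auth-method>\s*FORM\s*</auth-method>", block) is not None
    return True


def enable_app_server_security(text: str) -> str:
    """Return web.xml text with useAppServerSecurity=1 and the wanted security
    blocks lifted out of their comments (substeps 2 to 4 of step 1)."""
    def uncomment(m: re.Match) -> str:
        blocks = [b for b in BLOCK_RE.findall(m.group(1)) if _wanted(b)]
        # A comment that wraps no wanted block is ordinary documentation: keep it.
        return "\n".join(blocks) if blocks else m.group(0)
    text = COMMENT_RE.sub(uncomment, text)
    return PARAM_RE.sub(r"\g<1>1\g<2>", text)


def _local(tag: str) -> str:
    """Element name without the namespace prefix that ElementTree attaches."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem: ET.Element, name: str) -> str:
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), "")


def check_web_xml(text: str) -> list[str]:
    """Return the problems found; an empty list means the file matches the procedure."""
    problems = []
    elems = list(ET.fromstring(text).iter())  # the parser drops XML comments
    params = {_child_text(e, "param-name"): _child_text(e, "param-value")
              for e in elems if _local(e.tag) == "context-param"}
    if params.get("useAppServerSecurity") != "1":
        problems.append(f"useAppServerSecurity is {params.get('useAppServerSecurity')!r}, expected '1'")
    if not any(_local(e.tag) == "security-constraint" for e in elems):
        problems.append("no active <security-constraint>")
    methods = [_child_text(e, "auth-method") for e in elems if _local(e.tag) == "login-config"]
    if methods != ["FORM"]:
        problems.append(f"expected exactly one <login-config> with FORM, found {methods}")
    # A wanted block still inside a comment means step 1 was only partly done.
    if any(_wanted(b) for c in COMMENT_RE.findall(text) for b in BLOCK_RE.findall(c)):
        problems.append("a security block is still inside an XML comment")
    return problems


# Constructed sample in the shape the procedure describes (not the product's file).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <context-param>
    <param-name>useAppServerSecurity</param-name>
    <param-value>0</param-value>
  </context-param>
  <!-- Uncomment to enable application server security
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Maximo</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>maximouser</role-name></auth-constraint>
  </security-constraint>
  -->
  <!--
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginerror.jsp</form-error-page>
    </form-login-config>
  </login-config>
  -->
  <!--
  <login-config><auth-method>BASIC</auth-method></login-config>
  -->
  <security-role><role-name>maximouser</role-name></security-role>
</web-app>
"""


def main(argv: list[str]) -> int:
    """Usage: python web_xml_security.py [--apply] /path/to/maximo"""
    apply = "--apply" in argv
    root = Path([a for a in argv[1:] if a != "--apply"][0])
    rc = 0
    for rel in WEB_XML_PATHS:
        path = root / rel
        text = path.read_text(encoding="utf-8")
        if apply:
            text = enable_app_server_security(text)
            path.write_text(text, encoding="utf-8")
        problems = check_web_xml(text)
        print(f"{path}: {'OK' if not problems else '; '.join(problems)}")
        rc |= bool(problems)
    return rc


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it without --apply first to see which of the four files still differ from the procedure; run it with --apply to edit them in place and re-check. Only the FORM login-config is lifted out of its comment, because a web.xml may carry only one login-config and a commented BASIC variant must stay commented.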

What to do next

By default, the maximo.ear that you build and deploy expects a maximousers group to exist in the local user repository, and users in that group are mapped to the maximouser security role. In WebSphere® Application Server, you can instead bypass that group mapping and map the role to every user who is authenticated in the realm, so that anyone the IdP asserts is allowed to reach the Maximo Asset Management login. Maximo Asset Management still applies its own user records and security groups to decide what such a user may do, so keep those in step with the IdP when you widen the role mapping.