Configuring SSO support in WebSphere Application Server

You can enable single sign-on (SSO) support so that users can bypass the My Profile user credential mapping dialog in the enterprise search application or content analytics miner.

About this task

This procedure is required to extend SSO support to any sources that you deploy in a WebSphere® Application Server environment. This includes sources that are deployed through WebSphere Portal, such as sources that are crawled by the Seed list crawler. To support SSO authentication when users access Watson Content Analytics applications, you must first confirm that SSO is correctly configured in WebSphere Application Server.

Procedure

To configure SSO support in WebSphere Application Server and verify that it is enabled for searching secure sources:

  1. Configure LTPA SSO capabilities in WebSphere Application Server:
    1. On the server that hosts WebSphere Application Server, such as an IBM® Connections server that you want to add to a collection, export the Lightweight Third-Party Authentication (LTPA) key file. To export the file, use the Cross-cell single sign-on configuration in the WebSphere Application Server administration console (the Integrated Solutions Console).
    2. On the Watson Content Analytics server that hosts WebSphere Application Server, import the LTPA key file that you exported.
    3. Ensure that the SSO configuration data is the same on both WebSphere Application Server servers, such as the SSO Domain Name and realm name.
    4. Restart both servers.
  2. Ensure that LTPA SSO is correctly configured:
    1. Log in to a data source server that supports SSO, such as a target IBM Connections server, then move to the Watson Content Analytics application by using the same browser window.
    2. If you can reach the application interface without being prompted to log in, the setup is complete. The My Profile page is not a login prompt; do not mistake it for a login screen.
    3. Repeat the test in the opposite order. First log in to the enterprise search application or content analytics miner, then move to the data source server in the same browser window.
  3. Configure crawlers to support SSO authentication. Do these steps for each crawler that you want to enable to use the WebSphere Application Server configuration data:
    1. Go to the ES_NODE_ROOT/master_config/collection_ID.crawler_ID directory, where crawler_ID identifies a crawler that you created.
    2. Open the crawler_type.xml file (such as seedlistcrawler.xml) with a UTF-8 aware editor. Add the following attribute to the /Crawler/DataSources/Server element:

      SSOEnabled="true"

    3. Open the ES_NODE_ROOT/master_config/sso.properties file and add a line in the following form: imc.sso.source_type=true. For example:

      imc.sso.connections=true

    4. Restart the Watson Content Analytics system:

      esadmin system stopall
      esadmin system startall
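
The two file edits in step 3 can be checked before the restart. The following is an added example, not IBM code: it confirms that every /Crawler/DataSources/Server element carries SSOEnabled="true" and that sso.properties contains the matching imc.sso.source_type=true line. The function names and the sample XML are constructed for illustration; only the element path, the attribute and the property name come from the steps above.

```python
import xml.etree.ElementTree as ET


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_crawler_sso(crawler_xml, sso_properties, source_type):
    """Return a list of findings; an empty list means both edits are present."""
    findings = []
    try:
        root = ET.fromstring(crawler_xml)
    except ET.ParseError as exc:
        return [f"crawler XML is not well-formed: {exc}"]
    # /Crawler/DataSources/Server, resolved relative to the root element
    servers = root.findall("DataSources/Server") if root.tag == "Crawler" else []
    if not servers:
        findings.append("no /Crawler/DataSources/Server element found")
    for index, server in enumerate(servers, start=1):
        if server.get("SSOEnabled") != "true":
            findings.append(f'Server element {index}: SSOEnabled is not "true"')
    key = f"imc.sso.{source_type}"
    value = parse_properties(sso_properties).get(key)
    if value != "true":
        findings.append(f"sso.properties: {key} is {value!r}, expected 'true'")
    return findings


# Constructed sample input (not taken from a real installation).
GOOD_XML = '<Crawler><DataSources><Server Name="s1" SSOEnabled="true"/></DataSources></Crawler>'
MISSING_ATTR_XML = '<Crawler><DataSources><Server Name="s1"/></DataSources></Crawler>'
GOOD_PROPS = "# constructed sample\nimc.sso.connections=true\n"

if __name__ == "__main__":
    print(check_crawler_sso(GOOD_XML, GOOD_PROPS, "connections"))
    print(check_crawler_sso(MISSING_ATTR_XML, "imc.sso.connections=false\n", "connections"))
```

To use it against a real installation, pass the contents of the crawler_type.xml file and the sso.properties file named in step 3 in place of the sample strings.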

What to do next

Two configuration settings control whether crawlers support SSO authentication:
  • When you configure the identity management component on the Security page, select the check box for each crawler type in the collection that you want to enable to support SSO.
  • When you configure security settings for an individual crawler, enable SSO.
When both of these settings are configured to support SSO authentication, secure SSO search is in effect. The application stops requiring users to enter credentials in the My Profile dialog.