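A note up front: I haven't updated this blog in a very, very long time. Laziness really knows no bounds. I happen to have a lot of free time lately, so I'm posting the WebSeal and TIP (eWAS) single sign-on setup that I tested earlier for a friend. I really am bored~~~

The TIP used in this article is the TIP of Netcool/OMNIbus Web GUI. By the same token, the TSM admin center also works, and apparently WebSphere Portal does too. For ITM TEPS, apparently only versions after 6.2.3 work. I'm really too lazy to type more~~~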

WebSeal TIP SSO

Create the appaccount group in TAM:

dn: cn=groups,o=tivoli
cn: groups
objectclass: top
objectclass: container

dn: cn=AppAccount,cn=groups,o=tivoli
cn: AppAccount
objectclass: top
objectclass: container

[[email protected] ldif]# idsldapadd -D cn=root -w 111111 -p 389 -i add_groups.ldif
Operation 0 adding new entry cn=groups,o=tivoli
Operation 1 adding new entry cn=AppAccount,cn=groups,o=tivoli

Configure TIP to use LDAP

Log in to TIP and launch the WAS administrative console

Configure WAS security

Add a managed repository

Configure the LDAP connection information

Add the configured LDAP to the WAS security realm

Add the DN of the group just created

Restart TIP WAS and add a test user

pdadmin sec_master> user create ssotest "uid=ssotest,cn=AppAccount,cn=groups,o=tivoli" "ssotest" "ssotest" 111111
pdadmin sec_master> user modify "ssotest" account-valid yes
pdadmin sec_master>
pdadmin sec_master> user show ssotest
Login ID: ssotest
LDAP DN: uid=ssotest,cn=AppAccount,cn=groups,o=tivoli
LDAP CN: ssotest
LDAP SN: ssotest
Description:
Is SecUser: Yes
Is GSO user: No
Account valid: Yes
Password valid: Yes

Confirm that the TIP WAS LDAP authentication configuration works, assign roles to the test user, and test logging in as that user

Export the TIP WAS LTPA key

Confirm that the LTPA key was exported successfully
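
One way to script this confirmation before the key file is handed to the junction with -F (an added example, not part of the original post): it parses the exported file, checks that the key entries are present and valid base64, and flags a file readable beyond its owner. It assumes the usual WebSphere export layout, a Java properties file with com.ibm.websphere.ltpa.* entries; the function names and the sample content are constructed for illustration.

```python
import base64
import os
import stat

# Property names WebSphere writes into an exported LTPA key file.
KEY_FIELDS = ("com.ibm.websphere.ltpa.3DESKey",
              "com.ibm.websphere.ltpa.PrivateKey",
              "com.ibm.websphere.ltpa.PublicKey")
REQUIRED = ("com.ibm.websphere.ltpa.Realm",) + KEY_FIELDS
# Constructed sample: placeholder base64, not real key material.
SAMPLE = r"""com.ibm.websphere.CreationDate=Mon Jan 07 10\:00\:00 CST 2013
com.ibm.websphere.ltpa.3DESKey=QUJDREVGR0g\=
com.ibm.websphere.ltpa.PrivateKey=QUJDREVG
com.ibm.websphere.ltpa.PublicKey=QUJDREVGR0g\=
com.ibm.websphere.ltpa.Realm=defaultWIMFileBasedRealm
"""


def parse_properties(text):
    """Parse the key=value lines of a Java .properties file."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            # Properties.store() writes '=' and ':' in values as '\=' and '\:'.
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props


def check_ltpa_text(text):
    """Return a list of problems; an empty list means the export looks complete."""
    props = parse_properties(text)
    problems = ["missing property: " + n for n in REQUIRED if not props.get(n)]
    for name in KEY_FIELDS:
        try:
            base64.b64decode(props.get(name, ""), validate=True)
        except ValueError:
            problems.append("not valid base64: " + name)
    return problems


def check_ltpa_keyfile(path):
    """Run the content checks and flag a key file readable beyond its owner."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("accessible beyond owner (mode %o)" % mode)
    with open(path, encoding="latin-1") as fh:
        return problems + check_ltpa_text(fh.read())
```

Run check_ltpa_keyfile() against the exported file on the WebSeal host, for example the path passed to -F when creating the junction.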

Configure mutual SSL

Import the TIP WAS SSL certificate into WebSeal

The default password is WebAS

Import the WebSeal certificate into TIP WAS

The default password is pdsrv

Restart WebSeal and TIP WAS

Create the junction

pdadmin sec_master> server task default-webseald-rhel5 create -t ssl -h 10.1.1.134 -p 16311 -A -F /opt/pdweb/certs/TIP_WAS_LTPA.key -Z 111111 -j -c all -f /tip
Created junction at /tip

Test SSO login

Create an ACL to protect TIP WAS

acl create tip_acl
acl modify tip_acl set user sec_master TcmdbsvaBRl
acl modify tip_acl set user ssotest Trx
acl modify tip_acl set any-other T
acl modify tip_acl set unauthenticated T
acl attach /WebSEAL/rhel5-default/tip/ibm/console tip_acl

pdadmin sec_master> acl show tip_acl
ACL Name: tip_acl
Description:
Entries:
User sec_master TcmdbsvaBRl
User ssotest Trx
Any-other T
Unauthenticated T

Configure single sign-out for WebSeal and TIP

The path may differ by version; search the TIP directory for customizationproperties to find where the file is located

C:\IBM\Tivoli\tipv2\profiles\TIPProfile\config\cells\TIPCell\applications\isc.ear\deployments\isc\isclite.war\WEB-INF

Restart TIP

In my testing this did not really work~~~~

Reposted from: https://blog.51cto.com/rock116/1179492
