
saml-dev message



Subject: Re: [saml-dev] protecting WebSphere with a SAML SP



One way is to do token translation (from SAML to a token format WebSphere already supports) prior to the web requests getting to the WebSphere app server (and the WebSphere portal server app).

As of WebSphere 6.1 (the last time I checked) IBM did not have native support for SAML assertions in their app servers. There are newer versions of WebSphere that may, but I've not heard positive confirmation of that. IBM does support 3rd party authentication tokens however, with their TAI (Trust Association Interceptor). You can utilize this interceptor to take a 3rd party token (CA SiteMinder cookie, IBM Tivoli cookie, Kerberos ticket, etc.) to get SSO credentialed to a format IBM understands (LTPA cookie: lightweight third party authentication). Once that format is achieved all the normal user sessioning works just fine, and even works across other IBM products (such as Domino servers).

So... if you come into a token translating service with a SAML token (SOAP gateway, SAML federation server, etc.) and come out of that with a token type WebSphere already understands (LTPA or any third party cookie it supports through its TAI interface), you can get SSO into WebSphere. I won't go into specific SOAP firewalls or products but they do exist. Now... if IBM supports SAML tokens directly (which they might now do) that would be the easiest way for sure.

Bob Brandt, 3M




From: "Tom Scavo" <trscavo@gmail.com>
To: "SAML Developers" <saml-dev@lists.oasis-open.org>
Date: 08/22/2008 12:29 PM
Subject: [saml-dev] protecting WebSphere with a SAML SP





We've been asked to SAML-enable the WebSphere portal framework.  I
know nothing about the latter, so I'd be interested in hearing from
anyone who has successfully done that.  If so, what SAML
implementation did you use, and which version of WebSphere was
involved?

Many thanks in advance,

Tom Scavo
NCSA
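
The token translation described in the reply above, as an added example that is not part of the original thread and is not IBM code: a gateway checks a SAML 2.0 assertion and mints a signed session token that a downstream interceptor then verifies. The issuer, audience, key and HMAC token layout are assumptions (the token is a stand-in, not the LTPA format), and XML signature verification is assumed to be done by a separate XML-DSig library and passed in as `signature_ok`.

```python
import base64, hashlib, hmac, json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRUSTED_ISSUER = "https://idp.example.org"      # constructed value
AUDIENCE = "https://portal.example.org/sp"      # constructed value
KEY = b"demo-key-shared-with-interceptor"       # constructed; use a managed secret
_seen_ids = set()  # replay cache; a real one expires entries at NotOnOrAfter
# Constructed sample assertion (signature element omitted for brevity).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
<saml:Issuer>https://idp.example.org</saml:Issuer>
<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
<saml:Conditions NotBefore="2008-08-22T12:00:00Z" NotOnOrAfter="2008-08-22T12:05:00Z">
<saml:AudienceRestriction><saml:Audience>https://portal.example.org/sp</saml:Audience></saml:AudienceRestriction>
</saml:Conditions></saml:Assertion>"""

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def translate(xml_text, now, signature_ok):
    """Gateway side: validate the assertion, then return a signed session token."""
    if not signature_ok:  # never translate an assertion whose signature was not checked
        raise ValueError("assertion signature not verified")
    a = ET.fromstring(xml_text)  # assumption: input size/entities already restricted
    if a.findtext("saml:Issuer", namespaces=NS) != TRUSTED_ISSUER:
        raise ValueError("untrusted issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("outside validity window")
    if AUDIENCE not in [e.text for e in cond.iterfind(".//saml:Audience", NS)]:
        raise ValueError("wrong audience")
    if a.get("ID") in _seen_ids:
        raise ValueError("replayed assertion")
    _seen_ids.add(a.get("ID"))
    claims = {"user": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
              "exp": cond.get("NotOnOrAfter")}  # session never outlives the assertion
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def verify(token, now):
    """Interceptor side: return the user name if the token is authentic and unexpired."""
    body, _, mac = token.partition(".")
    good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, good):
        raise ValueError("bad MAC")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= _ts(claims["exp"]):
        raise ValueError("expired")
    return claims["user"]
```

The gateway becomes the trust anchor for everything behind it, so the application server should accept the translated token only from the gateway's network path.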






