Subject: RE: [saml-dev] protecting WebSphere with a SAML SP
-----Original Message-----
From: bbbrandt@mmm.com [mailto:bbbrandt@mmm.com]
Sent: Friday, August 22, 2008 4:25 PM
To: Tom Scavo
Cc: SAML Developers
Subject: Re: [saml-dev] protecting WebSphere with a SAML SP
One way is to do token translation (from SAML to a token format WebSphere already supports) prior to the web requests getting to the WebSphere app server (and the WebSphere portal server app).
As of WebSphere 6.1 (the last time I checked) IBM did not have native support for SAML assertions in their app servers. There are newer versions of WebSphere that may, but I've not heard positive confirmation of that. IBM does support 3rd party authentication tokens however, with their TAI (Trust Association Interceptor). You can utilize this interceptor to take a 3rd party token (CA Siteminder cookie, IBM Tivoli cookie, Kerberos ticket, etc.) to get SSO credentialed to a format IBM understands (LTPA cookie --- lightweight third party authentication). Once that format is achieved all the normal user sessioning works just fine, and even works across other IBM products (such as Domino servers).
So... if you come into a token translating service with a SAML token (SOAP gateway, SAML federation server, etc.) and come out of that with a token type WebSphere already understands (LTPA or any third party cookie it supports through its TAI interface), you can get SSO into WebSphere. I won't go into specific SOAP firewalls or products but they do exist. Now... if IBM supports SAML tokens directly (which they might now do) that would be the easiest way for sure.
Bob Brandt, 3M
From: "Tom Scavo" <trscavo@gmail.com>
To: "SAML Developers" <saml-dev@lists.oasis-open.org>
Date: 08/22/2008 12:29 PM
Subject: [saml-dev] protecting WebSphere with a SAML SP
We've been asked to SAML-enable the WebSphere portal framework. I
know nothing about the latter, so I'd be interested in hearing from
anyone who has successfully done that. If so, what SAML
implementation did you use, and which version of WebSphere was
involved?
Many thanks in advance,
Tom Scavo
NCSA
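The token-translation step described in the reply above, sketched as an added example (not code from the thread or from IBM): a gateway checks a SAML assertion's validity window and audience, then issues a short-lived MAC-protected handoff token that a custom interceptor on the application-server side could verify. Assumptions: the assertion's XML signature and issuer have already been verified by a SAML library, and the handoff format, key and SP entity ID are hypothetical stand-ins, not LTPA.

```python
import base64, hashlib, hmac, json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GATEWAY_KEY = b"constructed-demo-key"       # assumption: secret shared by gateway and interceptor
AUDIENCE = "https://portal.example.org/sp"  # hypothetical SP entity ID

# Constructed sample assertion; the signature is assumed verified upstream.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2008-08-22T16:00:00Z" NotOnOrAfter="2008-08-22T16:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://portal.example.org/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def translate(assertion_xml, now, ttl=300):
    """Gateway side: return a 'payload.mac' handoff token or raise ValueError."""
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if cond is None or not name_id:
        raise ValueError("missing Conditions or NameID")
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not nb or not na or not (_ts(nb) <= now < _ts(na)):
        raise ValueError("assertion has no usable validity window")
    audiences = [a.text for a in cond.iterfind(".//saml:Audience", NS)]
    if AUDIENCE not in audiences:
        raise ValueError("assertion not issued for this SP")
    claims = {"sub": name_id, "exp": int(now.timestamp()) + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(GATEWAY_KEY, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + mac

def verify(token, now):
    """Interceptor side: authenticate the token before trusting the user ID."""
    payload, _, mac = token.partition(".")
    good = hmac.new(GATEWAY_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        raise ValueError("bad MAC")
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims["exp"] <= int(now.timestamp()):
        raise ValueError("handoff token expired")
    return claims["sub"]
```

The receiving side accepts the user ID only after the MAC and expiry checks pass, so a request that bypasses the gateway cannot assert an identity by setting the header or cookie itself.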