sso and ldap
play

SSO and LDAP Open Mic Webcast Josh Edwards October 7, 2015 - PowerPoint PPT Presentation

Feb 11, 2024 •184 likes •493 views

SSO and LDAP Open Mic Webcast Josh Edwards October 7, 2015 Summary Overview of SSO What kind of SSO mechanisms are supported with Sametime? How does the rich client handle sso settings? How to configure Websphere and Sametime to

  1. SSO and LDAP Open Mic Webcast Josh Edwards October 7, 2015

  2. Summary ● Overview of SSO ● What kind of SSO mechanisms are supported with Sametime? ● How does the rich client handle sso settings? ● How to configure Websphere and Sametime to support LTPA tokens. ● Overview of LDAP ● How to configure inbox awareness for 3 rd party LDAPs ● Closing Remarks

  3. Overview of SSO ● SSO stands for Single Sign-On ● SSO allows a single ID to access all systems that are participating without the need to login multiple times to each different system. ● In order to make use of SSO across the board in Sametime 9 we make use of a Websphere based Ltpa token and LDAP.

  4. What kind of SSO mechanisms are supported with Sametime? ● SPNEGO - http://www.ibm.com/developerworks/lotus/documentati on/spnegosametime/ ● Siteminder - http://www- 01.ibm.com/support/knowledgecenter/SSKTXQ_9.0.0/ admin/config/config_sec_siteminder_st_components.d ita ● SAML(Primarily utilized for Smartcloud and limited functionality) - http://www- 01.ibm.com/support/knowledgecenter/SSKTXQ_9.0.0/ admin/config/st_adm_security_sso_for_saml_and_co mm_serv.dita?lang=en

  5. Example SSO Client Settings ● *Note: Do not check remember password when utilizing to- ken based single sign-on.

  6. Example SSO Client Settings ● *Note: Do not check remember password when utilizing to- ken based single sign-on.

  7. How Does the rich client handle Domino sso settings for community logins? The client requests a LTPA token from the domino server on ● 1352 configured as the authentication server in the embedded client SSO setting config > under the "Log In" tab of the Server Community Settings. If authentication server isn't set, client uses the same host as ● configured for the community server. *Note: In case of a stand-alone Mux configuration, the ● authentication server must be defined and populated to point the LTPA request to the Domino server running the community server machine for the request to process properly. *Note See step 6 of this link if connecting to a cluster for special ● configuration steps. http://www- 01.ibm.com/support/docview.wss?uid=swg21196034

  8. How to configure Websphere and Sametime to support LTPA tokens - Overview ● Configure the Single sign-on(SSO) settings in Websphere. ● Export the key from Websphere. ● Import the key exported from Websphere into the Domino server where Sametime is installed. ● Configure Single sign-on(SSO) settings in domino.

  9. How to configure Websphere and Sametime to support LTPA tokens.

  10. How to configure Websphere and Sametime to support LTPA tokens. In webpshere enable Interoperability mode ● Name cookies appropriately LtpaToken for V1 cookie name and LtpaToken2 ● for V2 cookie name. Ensure the case and spelling match. Web inbound security should be unchecked on the Sametime side when ● mixing with portal and/or connections so that Sametime performs the lookup.

  11. Exporting the key from Websphere

  12. Exporting the key from Websphere ● Export the key and copy the file to your local client so that can be accessed for the import. ● Do NOT click generate keys for general exporting.

  13. Importing the Websphere key into Domino ● If a SSO configuration already exists for this server then simply skip this step and import the keys.

  14. Importing the Websphere key into Domino ● *Note: Perform this import step whether a new SSO configuration was created or a preexisting one is used in Domino.

  15. Importing the Websphere key into Domino ● Enter the absolute path to where the exported Websphere key exists on the local client.

  16. Ltpa Cont. Domino Configuration ● After importing the Websphere key on the domino sever where sametime is installed ensure the Token Format is set to LtpaToken and LtpaToken2. ● Also ensure the dns domain matches between the Websphere configuration and the domino configuration.

  17. Ltpa Cont. Example Settings

  18. Ltpa Cont. ● If utilizing a custom token name or internet site there are additional ini parameters that must be utilized for Sametime community server to use them. http://www-01.ibm.com/support/docview.wss? uid=swg21157740

  19. LDAP

  20. What is LDAP ● LDAP Stands for Lightweight Directory Access Protocol. ● LDAP stores attributes about users. It can contain details such as email address, first name, last name, phone number and many other attributes that define a user. ● LDAP can be utilized by a multitude of different servers in order to all share the same directory information. When deploying the new Sametime features we require the use of a LDAP server.

  21. What is a LDIF? ● LDIF stands for LDAP Data Interchange Format ● LDIFs represent data stored in LDAP in a plain text format. ● In troubleshooting various LDAP issues like authentication problems, awareness, or business card problems it is common to get a LDIF for a particular user and compare the attributes available to the actual LDAP configuration. Additionally, comparing the actual values of the attributes to the values that are returned in the the logs can help in determining configuration issues.

  22. LDIF Example

  23. LDAP Configuration for Sametime

  24. LDAP Configuration For Active Directory

  25. Active Directory Example

  26. Active Directory Example ● Here we have specified the base DN.

  27. Active Directory Example Notice that for the directory type active directory is selected. ● A key point is ensure that the Federated repository properties ● of mail;cn;uid is not modified or the order changed. Additional attributes may be added to the end.

  28. How to configure inbox awareness for 3 rd party LDAPs There are two possible ways to accomplish this setup: 1) Synchronize the user name in the Person document in the Domino Directory with the non-Domino LDAP name that Sametime uses to authenticate a user. For example, if the non-Domino LDAP Sametime directory is IBM Directory Server, and a user's dn from IBM Directo- ry Server is as follows: uid=wpsadmin,cn=users,dc=ibm,dc=com then you need to add the following to the LTPA user name field (located on the Administration Tab of the Person doc- ument) for wpsadmin in Domino: LTPA user name: uid=wpsadmin/cn=users/dc=ibm/dc=com 2) Or, synchronize the user name in the non-Domino LDAP with the name that Domino Web Access uses to authenti- cate the user by using Directory Assistance. For more information on creating and configuring Directory Assistance, refer to the Domino Administrator help database. Full Length Article - http://www-01.ibm.com/support/docview.wss?uid=swg21230590

  29. Summary Points for Success There are 4 main key points to consider when utilizing SSO and LDAP to have a successful deployment. ● common keys ● common realm ● common domains ● common ldap – (it is preferred and recommended to utilize a common ldap between components although if this is not the case it still might be possible to offer functionality with special configuration)

  30. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP

Introduction to LDAP Frank A. Kuse Introduction to LDAP AGENDA Understanding LDAP LDAP Servers Information Structure Protocol Overview LDAP operations UNDERSTANDING LDAP LDAP stands for Lightweight Directory Access

268 views • 12 slides
How we implemented an LDAP directory Multiple Simultaneous Requests . . . . . . . . . . . . . . .

How we implemented an LDAP directory Multiple Simultaneous Requests . . . . . . . . . . . . . . .

Getting Started What do you already know about ldap ? . . . . . . . . . . . . . . slide #3 What Do You Want? . . . . . . . . . . . . . . . . . . . . . . . . . . . . slide #4 Argument for LDAP Account Information . . . . . . . . . . . . . . . . .

442 views • 26 slides
LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com http://www.samba.org/~idra What is LDB ? LDB is an LDAP-like database interface LDAP-like data model support LDAP like search expressions but it

1.03k views • 24 slides
DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999

DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999

DESIRE DESIRE II LDAP Indexing System 45 IETF, Oslo LDAP Service Deployment - Take 2 BoF 15. July 1999 Peter Gietz, University of Tbingen Peter.Gietz@directory.dfn.de DESIRE LDAP Index system

855 views • 12 slides
Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002

Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002

Security with LDAP Andrew Findlay Skills 1st Ltd www.skills-1st.co.uk February 2002 andrew.findlay@skills-1st.co.uk Security with LDAP Applications of LDAP White Pages NIS (Network Information System) Authentication

257 views • 15 slides
LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many

LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many

What is LDAP Lightweight Directory Access Protocol Phonebook Based on X.500 DAP on OSI stack Developed in '93 @ UMich LDAP LDAPv3, Internet Standard RFC4510 RFC 4510-4521 and about 40 others for extensions Many implementations OpenLDAP

544 views • 6 slides
KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC attributes except for those used to store key data Keys Extension draft: Defines attributes used to store key data Flow of Data to LDAP

798 views • 10 slides
From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg

From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg

From LDAP to IdM Presentation at the Athens Eurocamp 2008 by Roland Hedberg <roland.hedberg@adm.umu.se> The transition -starting point Admin interface LDAP Scripts The transition - toward nirvana Admin interface LDAP Scripts

497 views • 22 slides
Testing LDAP Implementations Emmanuel Lcharny Do who need tests anyway ? OSS projects don't

Testing LDAP Implementations Emmanuel Lcharny Do who need tests anyway ? OSS projects don't

Testing LDAP Implementations Emmanuel Lcharny Do who need tests anyway ? OSS projects don't need it... We have users ! We have users ! LDAP project phases Initial analysis Development + tests Costs Conformance tests Tests are

501 views • 27 slides
dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit of History Number of systems Own user administra:on system Some users had access

519 views • 10 slides
UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity System UCSBnetID authentication UCSB-wide student and employee info http://www.identity.ucsb.edu/ LDAP Overview Lightweight Directory Access Protocol

604 views • 24 slides
Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic

Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic

Towards a Common Java LDAP API Emmanuel Lecharny Apache Directory elecharny@apache.org Ludovic Poitou OpenDS ludovic.poitou@sun.com A poor man's choice: JNDI or JLDAP/Netscape LDAP SDK Good News: Apache Directory Client API OpenDS

678 views • 20 slides
Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP

Logistics E-mail UML 2 Should have received mail from me. If not: Check LDAP entry Indicate on attendance sheet Announcements Plan for today Its Co-op time Building a software system Orientation

475 views • 3 slides
How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of

How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of

How we implemented an LDAP directory for Laboratories Nick Urbanik How we implemented an LDAP directory for Laboratories A Case Study at Hong Kong Institute of Vocational Education (Tsing Yi), Department of ICT Nick Urbanik

1.17k views • 106 slides
Logistics The never-ending LDAP problems Latest Developments Dave, got your e-mail

Logistics The never-ending LDAP problems Latest Developments Dave, got your e-mail

Logistics The never-ending LDAP problems Latest Developments Dave, got your e-mail (Cant change in mycourses) Jon, your mail bounced March 17 Lets settle things after class Enter stage left Spacethe final

382 views • 5 slides
The LDAP Directory Schema AGENDA Why do we need a good schema? From the White Pages to

The LDAP Directory Schema AGENDA Why do we need a good schema? From the White Pages to

The LDAP Directory Schema AGENDA Why do we need a good schema? From the White Pages to Access Control The Design Process The available Standards Best Practices The User object The plumbing Implementing the Schema

494 views • 47 slides
#MicroFocusCyberSummit Access Management: The Glue between Business Value and Security Kent

#MicroFocusCyberSummit Access Management: The Glue between Business Value and Security Kent

#MicroFocusCyberSummit Access Management: The Glue between Business Value and Security Kent Purdy Chan Yoon Product Marketing Manager Director of Product Management #MicroFocusCyberSummit security leaders regard achieving and 68 %

700 views • 26 slides
Vocal Training Basics August 9, 2018 National Autism Conference State College, PA Heather

Vocal Training Basics August 9, 2018 National Autism Conference State College, PA Heather

7/16/2018 Vocal Training Basics August 9, 2018 National Autism Conference State College, PA Heather Forbes, CCC-SLP, BCBA Amy Foor, CCC-SLP, BCBA PaTTAN Autism Initiative Pennsylvania Training and Technical Assistance Network PaTTANs

760 views • 43 slides
Jessica Laemle Presentation Paper Reflection Prior to researching and presenting privacy and

Jessica Laemle Presentation Paper Reflection Prior to researching and presenting privacy and

Jessica Laemle Presentation Paper Reflection Prior to researching and presenting privacy and security in our digital world, I didnt have much knowledge regarding these topics. I was aware that privacy and security are much debated issues in

484 views • 15 slides
T16 September 30, 2004 3:00 PM D EVELOPING S ECURE W EB A PPLICATIONS Dennis Hurst SPI Dynamics

T16 September 30, 2004 3:00 PM D EVELOPING S ECURE W EB A PPLICATIONS Dennis Hurst SPI Dynamics

BIO PRESENTATION T16 September 30, 2004 3:00 PM D EVELOPING S ECURE W EB A PPLICATIONS Dennis Hurst SPI Dynamics Inc Better Software Conference & EXPO September 27-30, 2004 San Jose, CA USA Dennis Hurst Dennis Hurst, senior consulting

1.02k views • 74 slides
BUSINESS LICENSE ORDINANCE 2013 UPDATE March 5, 2013 Introduction 2 Over the past several

BUSINESS LICENSE ORDINANCE 2013 UPDATE March 5, 2013 Introduction 2 Over the past several

1 BUSINESS LICENSE ORDINANCE 2013 UPDATE March 5, 2013 Introduction 2 Over the past several years, the County has: created an independent Fire Department, improved mutual aid delivery for Ambulance Providers throughout the County,

178 views • 16 slides
all veterinary submissions to EMA Webinar for Industry Presented by Kristiina Puusaari on 1

all veterinary submissions to EMA Webinar for Industry Presented by Kristiina Puusaari on 1

Mandatory use of eSubmission Gateway for all veterinary submissions to EMA Webinar for Industry Presented by Kristiina Puusaari on 1 December 2016 An agency of the European Union Outline of todays training session eSubmission Gateway and Web

366 views • 32 slides
Virtual CareLessons learned Dr. Jaron Easterbrook & Dr. David Harrison 2 Disclosures Not

Virtual CareLessons learned Dr. Jaron Easterbrook & Dr. David Harrison 2 Disclosures Not

Virtual CareLessons learned Dr. Jaron Easterbrook & Dr. David Harrison 2 Disclosures Not gonna lie An honorarium was provided for preparation and presentation time associated with this presentation by the Joint IMIT Working Group, a

127 views • 9 slides
INVESTOR PRESENTATION F o u r t h Q u a r t e r 2 0 1 8 Grupo Bimbo Today Control Group: 75%

INVESTOR PRESENTATION F o u r t h Q u a r t e r 2 0 1 8 Grupo Bimbo Today Control Group: 75%

INVESTOR PRESENTATION F o u r t h Q u a r t e r 2 0 1 8 Grupo Bimbo Today Control Group: 75% Float: 25% Points of Market cap (1) Sales (2) Adj. EBITDA (2) Countries Plants Routes Associates Products sale US$9.4 Bn US$15.0 Bn US $1.6

457 views • 19 slides

More recommend