Enabling single sign-on for the Windows desktop
Configure HCL Connections™ to use SPNEGO for single sign-on (SSO). This configuration permits users to sign in to the Microsoft Windows™ desktop and automatically authenticate with Connections.
Verify that HCL Connections works correctly without the SPNEGO authentication protocol.
Create a user account in the LDAP directory and add it to the WebSphere® Application Server administrators group.
Complete the steps in the Creating a service principal name and keytab file topic.
Note: If you are using on-ramp plug-ins or mobile services, your data traffic is not authenticated by Kerberos tickets or SPNEGO tokens. It is instead authenticated through Java EE form-based authentication.
To configure Connections to use SPNEGO, complete the following tasks:
- Mapping an Active Directory account to administrative roles
Map an account from Active Directory to administrative roles in IBM® WebSphere Application Server.
- Creating a service principal name and keytab file
A service account in Microsoft Active Directory needs to be created to support a service principal name (SPN) for HCL Connections. A keytab file that the Kerberos authentication service can use to establish trust with the web browser also can be created if Kerberos authentication is desired.
- Creating a redirect page for users without SPNEGO support
Create an HTML page to redirect users whose web browsers do not support SPNEGO.
- Configuring SPNEGO (and Kerberos optionally) on WebSphere Application Server
Configure SPNEGO and, optionally Kerberos, on IBM® WebSphere Application Server.
- Configuring web browsers to support SPNEGO
Configure your web browser to support SPNEGO authentication.
Parent topic:Configuring single sign-on