Verifying the WebSphere Default Application is protected by SAML
Verify that the WebSphere® Default Application is protected by SAML and SAML authentication is functioning in your environment
-
Protect Snoop with SAML as follows:
- From the WebSphere Application Server Integrated Solutions Console, navigate to Security > Global security > Trust association > Interceptors > com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor.
- Under Custom properties, create the property sso_1.sp.filter and give it the value request-url^=/snoop For more information about configuring the SAML TAI, refer to Enabling your system to use the SAML web single sign-on (SSO) feature.
-
Run Full Resynchronize for all nodes, and then stop all servers and the Dmgr.
-
Restart the Dmgr, the Node agent, and the server associated with the Default Application.
-
Ensure the system clocks on all systems are synchronized, especially that of the IdP server and the SP server.
-
Verify that Snoop is now protected by SAML. From the browser, enter https://websphere.example.com[:port]/snoop.
You are requested to accept the web-server signed certificate.
-
Accept the web-server signed certificate, and when prompted to enter a valid username/password, enter the Connections administrator username/password.
The Snoop Servlet - Request/Client Information form displays.
-
Continue to enable SAML protection for HCL Connections™ by completing Enabling single sign-on for SAML 2.0.
Parent topic:Configuring SAML redirection services for web SSO