VM
Uploaded byVan Staub, MBA
PPTX, PDF4,104 views

Active Directory Single Sign-On with IBM

The document outlines the technical enablement process for configuring Active Directory and Active Directory Federation Services (ADFS) for Single Sign-On (SSO) using SAML. It details installation, configuration steps, and notable resources for WebSphere integration, emphasizing the ease of setup and the role of SSL certificates. Additional guides and resources for implementing SSO with various IBM products are also provided.

Embed presentation

Downloaded 131 times
Active Directory Single Sign-On Worldwide Business Partner Technical Enablement 2016 Van Staub – North America Embedded Solution Agreement Technical Sales 1
Agenda • review in a practical format configuring Active Directory and Active Directory Federation Services • configure SAML with WebSphere • discuss SAML with Connections Cloud • list notable resources at the end
Installing and Configuring Active Directory • the “directory” used to perform authentication with IBM software (e.g. WebSphere Portal) • provides a variety of authentication mechanisms almost out of the box – namely SAML, SPNEGO, and LDAP • very easy to get started
Active Directory Federation Services 2.0 • supports SAML authentication with ”relying parties” • SAML is a protocol that specifies the identity of a user in an encrypted format • identity of the user is provided using a “claim” (i.e. sAMAccountName or email address)
SAMLFlow XML
Installing and Configuring ADFS 2.0 • install the ADFS 2.0 software • configure the first federation server • manually add the SSL certificate to IIS if one is not listed as available to use (I re-used a certificate; you can create a self-signed if needed) • verify the SSL certificate you imported is also set as the Token-Signing certificate • also make sure it’s the primary certificate
manually importing the SSL certificate into IIS
Manually set the Token-Signing Certificate
Configuring WebSphere for SAML • ensure that security is enabled and working with Active Directory • install the SAML ACS enterprise application • configure the SAML TAI to work with the ADFS IdP • steps create a global configuration • steps are shown manually for clarity
• simply deploys the SAML ACS enterprise application • can also be done manually
• Using WAS Console go to Security -> Global Security -> Web and SIP security - > Trust Association • Uncheck Enable trust association
• Click Interceptors • com.ibm.ws.secu rity.web.saml.AC STrustAssociatio nInterceptor • add settings seen in screenshot
• Using WAS Console go to Security -> Global Security -> Custom Properties • add settings seen in screenshot
• Using WAS Console go to Security -> SSL Certificate and Key Management -> Key stores and Certificates • either NodeDefaultTrust Store or CellDefaultTrustST ore • Add SSL certificate (public key) manually or retrieve from port (i.e. the IIS server) the Token-Signer certificate specified earlier
certificate alias you just added to the TrustStore
• Using WAS Console go to Security -> Federated Repositories -> Configure • Click Trusted authentication realms - inbound • add external ream settings seen in screenshot Federation Server identifier seen earlier
• Using WAS Console go to Security -> Global Security -> Web and SIP security -> Trust Association • Check Enable trust association
Creating the Partnership • SAML 2.0 metadata XML can be exported from WebSphere and imported into ADFS • use AdminTask.exportSAMLSpMetadata(‘-spMetadataFileName <SpMetaDataFile> -ssoId 1′) sso_1.sp.acsURL sso_1.sp.acsURL
use defaults on next screens
Finished Partnership (Relying Party Trust)
Resources Understanding the WebSphere Application Server SAML Trust Association Interceptor http://www.ibm.com/developerworks/websphere/techjournal/1307_lansche/1307_lansche.html Step by step guide to implement SAML 2.0 for Portal 8.5 https://developer.ibm.com/digexp/docs/docs/customization-administration/step-step-guide-implement- saml-2-0-portal-8-5/ Front Side SAML SSO with microsoft product (ADFS -> WAS SAML TAI) https://www.ibm.com/developerworks/community/blogs/8f2bc166-3bdc-4a9d-bad4- 3620dbb3e46c/entry/Front_Side_SAML_SSO_with_microsoft_product_ADFS_WAS_SAML_TAI?lang =en Step-by-Step guide to Configure Single sign-on for HTTP requests using SPNEGO web authentication https://www-10.lotus.com/ldd/portalwiki.nsf/dx/Step-by-Step_guide_to_Configure_Single_sign- on_for_HTTP_requests_using_SPNEGO_web_authentication AD + SAML + Kerberos + IBM Notes and Domino = SSO! http://www.andypedisich.com/blogs/andysblog.nsf/dx/robs-saml-presentation-from-mwlug-has-been- posted.htm BP104 Simplifying The S’s: Single Sign-On, SPNEGO and SAML (2014) http://www.idonotes.com/IdoNotes/IdoConnect2013.nsf/dx/bp104-simplifying-the-ss-single-sign-on- spnego-and-saml-2014.htm
Thank You 31

More Related Content

PPTX
Enter The Matrix Securing Azure’s Assets
byBizTalk360
 
PPT
ASP.NET 13 - Security
byRandy Connolly
 
PPTX
IBM Single Sign-On
byVan Staub, MBA
 
PPTX
Asp.Net Identity
byMarwa Ahmad
 
PPTX
IBM Digital Experience Theme Customization
byVan Staub, MBA
 
PPTX
IBM Social Business Toolkit
byVan Staub, MBA
 
PDF
Microservices - not just with Java
byEberhard Wolff
 
PPTX
Introduction to Windows Azure AppFabric Applications
byNeil Mackenzie
 
Enter The Matrix Securing Azure’s Assets
byBizTalk360
 
ASP.NET 13 - Security
byRandy Connolly
 
IBM Single Sign-On
byVan Staub, MBA
 
Asp.Net Identity
byMarwa Ahmad
 
IBM Digital Experience Theme Customization
byVan Staub, MBA
 
IBM Social Business Toolkit
byVan Staub, MBA
 
Microservices - not just with Java
byEberhard Wolff
 
Introduction to Windows Azure AppFabric Applications
byNeil Mackenzie
 

What's hot

PDF
Nanoservices and Microservices with Java
byEberhard Wolff
 
PDF
Microservices: Architecture to Support Agile
byEberhard Wolff
 
PPTX
10 ways to trigger runbooks from Orchestrator
byFredrik Knalstad
 
PDF
SAML and Liferay
byMika Koivisto
 
PPTX
Kerberos part 2
bySpencer Harbar
 
PPTX
Know, Share, Do - Custom Apps
byTIMETOACT GROUP
 
PPTX
Session 3c The SF SaaS Framework
byCode Mastery
 
PPTX
Apps for SharePoint 2013
byMelick Baranasooriya
 
PPTX
Mobile Services for Windows Azure
byAbhishek Sur
 
PDF
How Small Can Java Microservices Be?
byEberhard Wolff
 
PPTX
Brewing Beer with Windows Azure - ASPConf
byMaarten Balliauw
 
PDF
Microservices and Self-contained System to Scale Agile
byEberhard Wolff
 
PDF
Four Times Microservices - REST, Kubernetes, UI Integration, Async
byEberhard Wolff
 
PPTX
Brewing Beer with Windows Azure
byMaarten Balliauw
 
PDF
Data Architecture not Just for Microservices
byEberhard Wolff
 
PPTX
Apps for SharePoint
byMelick Baranasooriya
 
PPTX
2 Speed IT powered by Microsoft Azure and Minecraft
bySriram Hariharan
 
PPTX
Chris OBrien - Weaving Enterprise Solutions into Office Products
byChris O'Brien
 
PDF
SharePoint Saturday The Conference DC - How the bcs saved my marriage
byLiam Cleary [MVP]
 
PDF
Microservices: Redundancy=Maintainability
byEberhard Wolff
 
Nanoservices and Microservices with Java
byEberhard Wolff
 
Microservices: Architecture to Support Agile
byEberhard Wolff
 
10 ways to trigger runbooks from Orchestrator
byFredrik Knalstad
 
SAML and Liferay
byMika Koivisto
 
Kerberos part 2
bySpencer Harbar
 
Know, Share, Do - Custom Apps
byTIMETOACT GROUP
 
Session 3c The SF SaaS Framework
byCode Mastery
 
Apps for SharePoint 2013
byMelick Baranasooriya
 
Mobile Services for Windows Azure
byAbhishek Sur
 
How Small Can Java Microservices Be?
byEberhard Wolff
 
Brewing Beer with Windows Azure - ASPConf
byMaarten Balliauw
 
Microservices and Self-contained System to Scale Agile
byEberhard Wolff
 
Four Times Microservices - REST, Kubernetes, UI Integration, Async
byEberhard Wolff
 
Brewing Beer with Windows Azure
byMaarten Balliauw
 
Data Architecture not Just for Microservices
byEberhard Wolff
 
Apps for SharePoint
byMelick Baranasooriya
 
2 Speed IT powered by Microsoft Azure and Minecraft
bySriram Hariharan
 
Chris OBrien - Weaving Enterprise Solutions into Office Products
byChris O'Brien
 
SharePoint Saturday The Conference DC - How the bcs saved my marriage
byLiam Cleary [MVP]
 
Microservices: Redundancy=Maintainability
byEberhard Wolff
 

Viewers also liked

PDF
OAuth In The Real World : 10 actual implementations you can't guess
byMehdi Medjaoui
 
PDF
Single sign on using SAML
byProgramming Talents
 
PPTX
IBM Watson Work Services Development
byVan Staub, MBA
 
PDF
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
byDave Hay
 
PPTX
Webinar: Migration from IBM Domino to IBM Verse
byMOVE4IDEAS
 
PDF
MongoDB Workshop
byeagerdeveloper
 
PDF
MongoDb scalability and high availability with Replica-Set
byVivek Parihar
 
PDF
IBM Connect Switzerland - Der entspannte Administrator
byKlaus Bild
 
PDF
VMUG - Using PowerShell to call RESTful APIs
byChris Wahl
 
PDF
Migration to IBM SmartCloud Notes
byjackdowning
 
PDF
Tomboy Web Sync Explained
byMohan Krishnan
 
PDF
The never-ending REST API design debate -- Devoxx France 2016
byRestlet
 
PDF
Angular meteor for angular devs
byArc & Codementor
 
PDF
Dave hay desktop single sign-on in an active directory world
byDave Hay
 
PDF
Joker'15 Java straitjackets for MongoDB
byAlexey Zinoviev
 
PDF
The Present Future of OAuth
byMichael Bleigh
 
PPTX
NEPHP '12: Create a RESTful API
byAndrew Curioso
 
PPTX
MongoDB - The database strikes back
bySteven Cooper
 
PDF
VMUG - Picking Up New Skills - Tips and Tricks to Build Your Technical Tool C...
byChris Wahl
 
PPTX
Taste of Failure is Key for Sustainable Success
byVSR *
 
OAuth In The Real World : 10 actual implementations you can't guess
byMehdi Medjaoui
 
Single sign on using SAML
byProgramming Talents
 
IBM Watson Work Services Development
byVan Staub, MBA
 
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
byDave Hay
 
Webinar: Migration from IBM Domino to IBM Verse
byMOVE4IDEAS
 
MongoDB Workshop
byeagerdeveloper
 
MongoDb scalability and high availability with Replica-Set
byVivek Parihar
 
IBM Connect Switzerland - Der entspannte Administrator
byKlaus Bild
 
VMUG - Using PowerShell to call RESTful APIs
byChris Wahl
 
Migration to IBM SmartCloud Notes
byjackdowning
 
Tomboy Web Sync Explained
byMohan Krishnan
 
The never-ending REST API design debate -- Devoxx France 2016
byRestlet
 
Angular meteor for angular devs
byArc & Codementor
 
Dave hay desktop single sign-on in an active directory world
byDave Hay
 
Joker'15 Java straitjackets for MongoDB
byAlexey Zinoviev
 
The Present Future of OAuth
byMichael Bleigh
 
NEPHP '12: Create a RESTful API
byAndrew Curioso
 
MongoDB - The database strikes back
bySteven Cooper
 
VMUG - Picking Up New Skills - Tips and Tricks to Build Your Technical Tool C...
byChris Wahl
 
Taste of Failure is Key for Sustainable Success
byVSR *
 

Similar to Active Directory Single Sign-On with IBM

PPTX
IdP, SAML, OAuth
byDan Brinkmann
 
PPTX
Single Sign On using ADFS.pptx
byAlireza Vafi
 
PDF
AD SSO with Oracle Analytics Cloud - Oracle Open World 18
byBecky Wagner
 
PPTX
Developing and deploying Identity-enabled applications for the cloud
byMaarten Balliauw
 
PDF
A Technical Guide To Deploying Single Sign On
byGabriella Davis
 
PPTX
MCSA 70-412 Chapter 08
byComputer Networking
 
PPT
Ad fs
byIván Sanchez Vera
 
PPTX
The Who, What, Why and How of Active Directory Federation Services (AD FS)
byJay Simcox
 
PDF
SAML and Other Types of Federation for Your Enterprise
byDenis Gundarev
 
PPTX
SharePoint 2013 and ADFS
byNatallia Makarevich
 
PPT
Windows server 2003_r2
bytameemyousaf
 
PPTX
Office 365-single-sign-on-with-adfs
byamitchachra
 
PPTX
Taking Identity from the Enterprise to the Cloud
byPat Patterson
 
PDF
Moodle andoffice365withadfs
byHeo Gòm
 
PDF
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
byEnvision IT
 
PPTX
Office 365 MCSA TechEd
byRobert Gabos
 
PPTX
70 346 Managing office 365 identities
byclounoud
 
PDF
Open Doors In The Cloud By Using SSO Methodologies Between Your Organisation ...
byLetsConnect
 
PPTX
AD FS Workshop | Part 2 | Deep Dive
byGranikos GmbH & Co. KG
 
PPTX
Adfs 2 & claims based identity
byNathan Winters
 
IdP, SAML, OAuth
byDan Brinkmann
 
Single Sign On using ADFS.pptx
byAlireza Vafi
 
AD SSO with Oracle Analytics Cloud - Oracle Open World 18
byBecky Wagner
 
Developing and deploying Identity-enabled applications for the cloud
byMaarten Balliauw
 
A Technical Guide To Deploying Single Sign On
byGabriella Davis
 
MCSA 70-412 Chapter 08
byComputer Networking
 
Ad fs
byIván Sanchez Vera
 
The Who, What, Why and How of Active Directory Federation Services (AD FS)
byJay Simcox
 
SAML and Other Types of Federation for Your Enterprise
byDenis Gundarev
 
SharePoint 2013 and ADFS
byNatallia Makarevich
 
Windows server 2003_r2
bytameemyousaf
 
Office 365-single-sign-on-with-adfs
byamitchachra
 
Taking Identity from the Enterprise to the Cloud
byPat Patterson
 
Moodle andoffice365withadfs
byHeo Gòm
 
Envision it SharePoint Extranet Webinar Series - Federation and SharePoint On...
byEnvision IT
 
Office 365 MCSA TechEd
byRobert Gabos
 
70 346 Managing office 365 identities
byclounoud
 
Open Doors In The Cloud By Using SSO Methodologies Between Your Organisation ...
byLetsConnect
 
AD FS Workshop | Part 2 | Deep Dive
byGranikos GmbH & Co. KG
 
Adfs 2 & claims based identity
byNathan Winters
 

Recently uploaded

PPTX
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PDF
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PDF
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
PDF
Best 10 Dedicated Servers in Amsterdam, Netherlands (2026 Enterprise Edition)...
byAtal Networks
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PDF
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PDF
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PDF
Mercury Computer Systems & The Cell Broadband Engine
bySlide_N
 
PDF
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
PDF
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
PDF
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 
PPTX
Accelerate Innovation with Engineering R&D Services
byChetu
 
PDF
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
Best 10 Dedicated Servers in Amsterdam, Netherlands (2026 Enterprise Edition)...
byAtal Networks
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Why Enterprises Are Moving to Dedicated Servers in the Netherlands
byAtal Networks
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
Mercury Computer Systems & The Cell Broadband Engine
bySlide_N
 
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 
Accelerate Innovation with Engineering R&D Services
byChetu
 
Philippine Agricultural Engineering Standard_Hand Tractor .pdf
by6xfrnmdp4b
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 

Active Directory Single Sign-On with IBM

  • 1.
    Active Directory SingleSign-On Worldwide Business Partner Technical Enablement 2016 Van Staub – North America Embedded Solution Agreement Technical Sales 1
  • 2.
    Agenda • review ina practical format configuring Active Directory and Active Directory Federation Services • configure SAML with WebSphere • discuss SAML with Connections Cloud • list notable resources at the end
  • 3.
    Installing and ConfiguringActive Directory • the “directory” used to perform authentication with IBM software (e.g. WebSphere Portal) • provides a variety of authentication mechanisms almost out of the box – namely SAML, SPNEGO, and LDAP • very easy to get started
  • 10.
    Active Directory FederationServices 2.0 • supports SAML authentication with ”relying parties” • SAML is a protocol that specifies the identity of a user in an encrypted format • identity of the user is provided using a “claim” (i.e. sAMAccountName or email address)
  • 11.
  • 12.
    Installing and ConfiguringADFS 2.0 • install the ADFS 2.0 software • configure the first federation server • manually add the SSL certificate to IIS if one is not listed as available to use (I re-used a certificate; you can create a self-signed if needed) • verify the SSL certificate you imported is also set as the Token-Signing certificate • also make sure it’s the primary certificate
  • 15.
    manually importing the SSLcertificate into IIS
  • 17.
  • 18.
    Configuring WebSphere forSAML • ensure that security is enabled and working with Active Directory • install the SAML ACS enterprise application • configure the SAML TAI to work with the ADFS IdP • steps create a global configuration • steps are shown manually for clarity
  • 19.
    • simply deploysthe SAML ACS enterprise application • can also be done manually
  • 20.
    • Using WASConsole go to Security -> Global Security -> Web and SIP security - > Trust Association • Uncheck Enable trust association
  • 21.
    • Click Interceptors •com.ibm.ws.secu rity.web.saml.AC STrustAssociatio nInterceptor • add settings seen in screenshot
  • 22.
    • Using WASConsole go to Security -> Global Security -> Custom Properties • add settings seen in screenshot
  • 23.
    • Using WASConsole go to Security -> SSL Certificate and Key Management -> Key stores and Certificates • either NodeDefaultTrust Store or CellDefaultTrustST ore • Add SSL certificate (public key) manually or retrieve from port (i.e. the IIS server) the Token-Signer certificate specified earlier
  • 24.
    certificate alias you justadded to the TrustStore
  • 25.
    • Using WASConsole go to Security -> Federated Repositories -> Configure • Click Trusted authentication realms - inbound • add external ream settings seen in screenshot Federation Server identifier seen earlier
  • 26.
    • Using WASConsole go to Security -> Global Security -> Web and SIP security -> Trust Association • Check Enable trust association
  • 27.
    Creating the Partnership •SAML 2.0 metadata XML can be exported from WebSphere and imported into ADFS • use AdminTask.exportSAMLSpMetadata(‘-spMetadataFileName <SpMetaDataFile> -ssoId 1′) sso_1.sp.acsURL sso_1.sp.acsURL
  • 28.
    use defaults onnext screens
  • 29.
  • 30.
    Resources Understanding the WebSphere ApplicationServer SAML Trust Association Interceptor http://www.ibm.com/developerworks/websphere/techjournal/1307_lansche/1307_lansche.html Step by step guide to implement SAML 2.0 for Portal 8.5 https://developer.ibm.com/digexp/docs/docs/customization-administration/step-step-guide-implement- saml-2-0-portal-8-5/ Front Side SAML SSO with microsoft product (ADFS -> WAS SAML TAI) https://www.ibm.com/developerworks/community/blogs/8f2bc166-3bdc-4a9d-bad4- 3620dbb3e46c/entry/Front_Side_SAML_SSO_with_microsoft_product_ADFS_WAS_SAML_TAI?lang =en Step-by-Step guide to Configure Single sign-on for HTTP requests using SPNEGO web authentication https://www-10.lotus.com/ldd/portalwiki.nsf/dx/Step-by-Step_guide_to_Configure_Single_sign- on_for_HTTP_requests_using_SPNEGO_web_authentication AD + SAML + Kerberos + IBM Notes and Domino = SSO! http://www.andypedisich.com/blogs/andysblog.nsf/dx/robs-saml-presentation-from-mwlug-has-been- posted.htm BP104 Simplifying The S’s: Single Sign-On, SPNEGO and SAML (2014) http://www.idonotes.com/IdoNotes/IdoConnect2013.nsf/dx/bp104-simplifying-the-ss-single-sign-on- spnego-and-saml-2014.htm
  • 31.