The web blog http://www.learnsccd.com strives to be a comprehensive guide to SCCD, TADDM, SERVICE NOW and MAXIMO tools. This is a personal site maintained solely by me. I intend to update it regularly.For live updates please follow us on.

SSO Configuration with Maximo



SSO Configuration with Maximo

1. Create TESTUSER in the AD.
2. Map SPN for WAS server to the created TESTUSER using command below.

      setspn -a HTTP/washost.mydomain.com TESTUSER
3) Generate keytab file using below command.

> ktpass -out keytabfilename.keytab -princ HTTP/washost.mydomain.com@MYDOMAIN.COM -pass password -ptype KRB5_NT_PRINCIPAL

4) Copy keytabfilename.keytab file to the WAS server and generate Kerberos configuration file using command in wsadmin console.

> $AdminTask createKrbConfigFile {-krbPath c:\ibm\etc\krb5.conf -realm MYDOMAIN.COM -kdcHost adhost.mydomain.com -dns mydomain.com -keytabPath c:\ibm\etc\keytabfilename.keytab}

5) Enable Web sphere security - in my case I have already configured web sphere security (Federated Repositories with one AD server used also for configuring SSO)
6) Enable SSO
7) Enable trust association and add property.

com.ibm.ws.security.spnego.SPN1.hostName=washost.mydomain.com to the Custom Properties for com.ibm.ws.security.spnego.TrustAssociationInterceptorImpl interceptor.

8) Enable SPNEGO at the JVM level for MXServer i.e. add following properties to the Application Servers->MXServer ->Process Definition ->Java Virtual Machine > Custom Properties:

com.ibm.security.jgss.debug = ALL

com.ibm.security.krb5.Krb5Debut = ALL

com.ibm.ws.security.spnego.isEnabled = true

java.security.krb5.conf = c:\ibm\etc\krb5.conf

9) Restart Web sphere.
10. Configure the both browsers to support SSO (Get steps to how to enable browsers for SSO support).