{"id":563,"date":"2017-06-03T12:21:07","date_gmt":"2017-06-03T10:21:07","guid":{"rendered":"http:\/\/h2916922.stratoserver.net:8084\/?p=563"},"modified":"2017-06-03T13:20:53","modified_gmt":"2017-06-03T11:20:53","slug":"poor-mans-sso-2","status":"publish","type":"post","link":"https:\/\/www.ivojonker.nl\/?p=563","title":{"rendered":"Poor man’s SSO #2 (on websphere)"},"content":{"rendered":"

After sharing a strategy for a poor-man’s SSO solution last month (Logging-in from another application (poor man’s SSO)<\/a>) I\u00a0got into contact with one of my readers asking for similar functionality. As i helped t hem pro bono, i figured i could share the proof of concept, additionally giving insight in how to create a TAI.<\/p>\n

The problem:<\/p>\n

We want a certain Content Navigator Desktop to be accesible by everyone. If a person is not already authenticated, he should be authenticated as ‘guest’.<\/p>\n

The solution:<\/p>\n

A Trusted Association Interceptor<\/a>, that intercepts url’s with a specific format (containing desktop=guest) and authenticates any un-authenticated users’s as guest.<\/p>\n

The source can be found here<\/a>, a compiled jar here<\/a>.<\/p>\n

Instructions:<\/strong><\/p>\n

1. Make sure the TAI.jar is loaded in WAS.<\/h3>\n

This can be done by placing it in the AppServer\\lib\\ext folder, or even better, by attaching the jar via a shared-library.<\/p>\n

2. Configure the TAI<\/h3>\n

In the wasadmin (ibm\/console) go to Security -> Global Security -> Trust association.<\/p>\n

Check ” Enable trust association” \u00a0and configure the following interceptor:<\/p>\n

Interceptor class-name: nl.ivojonker.icn.samples.GuestDesktopSSOLogin<\/p>\n

Properties:<\/p>\n

urlRegexPattern: <a pattern that will match the TAI to an url> \u00a0– e.g.; http.*9080.*desktop=guest<\/p>\n

guestDN = <The guest account> e.g.: CN=GuestUser,CN=Users,DC=DEVELOPMENT,DC=LOCAL<\/p>\n

3. Reboot websphere<\/h3>\n

These kind of changes require a websphere reboot.<\/p>\n

 <\/p>\n

Next: Access your guest desktop, without logging in and observe you’ll be entering as guest \ud83d\ude42<\/p>\n

 <\/p>\n

Cheers!<\/p>\n","protected":false},"excerpt":{"rendered":"

After sharing a strategy for a poor-man’s SSO solution last month (Logging-in from another application (poor man’s SSO)) I\u00a0got into contact with one of my readers asking for similar functionality. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-563","post","type-post","status-publish","format-standard","hentry","category-geen-categorie"],"_links":{"self":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts\/563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=563"}],"version-history":[{"count":6,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts\/563\/revisions"}],"predecessor-version":[{"id":569,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=\/wp\/v2\/posts\/563\/revisions\/569"}],"wp:attachment":[{"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ivojonker.nl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}