-
Notifications
You must be signed in to change notification settings - Fork 70
SSO Configuration
This article covers how to leverage the Single Sign-on(SSO) endpoint which is provided out of the box (OOTB) in SDK. You will find a definition of the SSO Endpoint in managed-beans.xml.
"To refer to a definition of SSO endpoint please refer to managed-beans.xml of com.ibm.sbt.sample.web Project, The path to Managed-beans.xml is as follows Path: /com.ibm.sbt.sample.web/WebContent/WEB-INF/managed-beans.xml The managed-beans.xml of sample web Project includes the SSO endpoint in default environment. The Bean class implementing the SSO endpoint for connections is ConnectionsSSOEndpoint. Following table shows the properties of connectionSSO bean:
Table 1. Set of managed properties for com.ibm.sbt.services.endpoints.SSOEndpoint, which is LTPA based SSO authentication.
property-name description url The URL of the server. authenticationPage (optional) Value of true or false. If true, certificate errors are ignored authenticationService API to be used by bean for validating user credentials.
you can also refer to the following links for more information on Endpoints and how to configure them. Endpoint Reference Configuring Endpoints ===How to leverage SSO Endpoint=== The sample usage of SSO endpoint is explained using a portlet. It shows how do we leverage underlying SSO configuration. The Sample Portlet consumes SDK and makes use of JavaScript API's of connections offered in SDK.The connections JavaScript APIs of SDK has many high level wrappers for Connections Services for eg. Communities, Profiles etc. which can be used to connect to the IBM Connections server and get the data from the Connections services. Prerequisite: Establish SSO(LTPA token based) between WebSphere portal and IBM Connections. For more information on how to establish SSO, you can refer this link : Enabling SSO for the portlets for a stand-alone LDAP server Create a JSR 286 portlet project and develop a portlet which consumes SDK. note: Please refer to this link J2EE Portlets SDK , for information on how to create portlets using SBTK API. Add the Managed-beans xml under WebContent/WEB-INF of the new project and ensure that the above Connections SSO definition is available in the managed-beans xml file and is also added in the "endpoints" property value of "defaultEnvironment" bean, as shown below :
In the view jsp of the portlet where the social data needs to be rendered using the SDK APIs, add the following lines of code to see the list of five my communities from Community Service of IBM Connections. The Following code snippet shows how the SSO endpoint can be used, as you can see in the highlighted lines in JSP below, the service Constructor for Community Service, uses the endpoint "connectionsSSO".
The portlet uses the "connectionsSSO" endpoint. Once user logs in to portal , My Communities Portlet does not prompt for user credentials while fetching content from Connections server . Instead uses the SSO endpoint to fetch communities of portal user. {code:} require(["sbt/connections/CommunityService", "sbt/dom"], function(CommunityService,dom) { var createRow = function(title, communityUuid) { var table = dom.byId("communitiesTable"); var tr = document.createElement("tr"); table.appendChild(tr); var td = document.createElement("td"); td.innerHTML = title; tr.appendChild(td); td = document.createElement("td"); td.innerHTML = communityUuid; tr.appendChild(td); };
var communityService = new CommunityService({endpoint : "connectionsSSO"});
communityService.getMyCommunities().then(
function(communities) {
if (communities.length == 0) {
text = "You are not a member of any communities.";
} else {
for(var i=0; i<communities.length; i++){
var community = communities[i];
var title = community.getTitle();
var communityUuid = community.getCommunityUuid();
createRow(title, communityUuid);
}
}
},
function(error) {
dom.setText("content", "Error code:" + error.code + ", message:" + error.message);
}
);
}
); {code} In case the user session expires, the user will be redirected to the portal login page on page refresh and in case of ajax request, user will be prompted to reauthenticate. The relogin prompt screen is shown below.