Establishing SSO between EP and IBMwebsphere AS

Former Member · ‎01-30-2012

Dear All,

Our current environment is

The Lotus Domino server version is 8.5x

IBM websphere AS version 7.0

SAP Enterprise Portal is on 7.0 SP 20.

Portal UME is ABAP engine. and All Lotus users are on Domino server directory.

Currently they have Lotus Connections which is running on

IBM websphere Application server and Lotus Quicker which is on IBM websphere Portal.

and Lotus Notes,calendar, sametime on Domino server.

Now the requirement is to establish SSO between SAP EP 7.0 and the Lotus applications on IBM Websphere AS

and Domino sever.

Both the Lotus Connections and Lotus Quicker can understand the LTPA tokens.

I have read documents on establishing SSO between Domino and EP and

i have understood the options.

But for establishing SSO between EP and Lotus Connections running on IBM Websphere.. i dont find any documents

Can anybody throw some light on this. This is very urgent.

Thanks & Regards,

kavitha

Former Member · ‎01-30-2012

hi,

pls. refer the thread

http://forums.sdn.sap.com/thread.jspa?threadID=1798972

i have been able to set sso between sap ep and ibm filenet.

rgds,

santosh

Former Member · ‎01-30-2012

Hi Santhosh,

Thanks for your reply.

I have also gone through your link. but using the TAI method, it is recommended that both the Portals should share the same LDAP directory.

Here in my case EP is using ABAP Engine as UME and the Applications of IBM WPS have users in Domino Server(8.5x)

so how can i proceed further.

Regards,

Kavitha

Former Member · ‎01-31-2012

Hi,

It is recommended to use a shared user directory to ensure that usernames are same in both the repositories.

In your case how are the usernames mapped.

Rgds,

Santosh

Former Member · ‎01-31-2012

Hi santhosh,

According to the document i see that below are the steps for configuring SSO between EP and IBM WSP.

1. export the SAP EP certificates.

2. keystore creation in IBM WServer

3.import the EP certificates into IBM WServer

4.copy the JAR files to the folder of WSP

5. Create the TAI entry and then configure the TAI

but where exactly are the usermappings done?

In my case the user, uses his EmployeeID to login to the portal(EP 7.0) and to login to the Lotus applications he uses the email id.

But the Domino server has the column where all the employee id's are stored against the email id's.

so i hope there should be somepoint while configuring the TAI we might give the usermappings. At that time against the SAP EP user, we can select the value from that column(where the employee id is there) of the Domino server and map both of them.

will this work?

and where exactly are these mappings to be made?

because i will not work directly on the IBM WSP. but i have to tell my client where this needs to be done.

Thankyou very much.

kavitha.

Former Member · ‎02-01-2012

Hi,

I request you to provide the following information :

In lotus domino server, person document, username field, does it have the employee id. If yes, can the employee log in to the lotus applications using the said employee id.

How is the IBM Websphere Applications user repositiory is configured.

IBM Lotus Connection architecture, is it 32 bit or 64 bit.

The urls to access sap ep and ibm lotus connections, are they in same domain.

The TAI4 SAP uses custom property MYSAPCOOKIENAME to get the MYSAPSSO2 which has the username of the logged in user in encrypted format, using the exported certificate from the SAP EP it decrypts it.

Regards,

Santosh

Former Member · ‎02-08-2012

hi Santhosh,

sorry for my very late reply.

In lotus domino server, person document, username field, does it have the employee id. If yes, can the employee log in to the lotus applications using the said employee id.---- no the user cannot log into the lotus applications using the said employee id.

How is the IBM Websphere Applications user repositiory is configured.--- the user repository is Domino ..

IBM Lotus Connection architecture, is it 32 bit or 64 bit.------- it is 64 bit

and yes the urls to access sap ep and ibm lotus connections, are they in same domain.

Also i have one more doubt.. apart from the configurations mentioned inthe document above is there anything else we need to do.

vijay_kumar49 · ‎02-09-2012

Hi,

Please look at this [Document|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/85ca1a18-0301-0010-96a0-ee35bd01fd70?QuickLink=index&overridelayout=true]

may this is help full

Regards

Vijay K

Former Member · ‎02-15-2012

Hi vijay,

thanks for your reply. in my case SAP Enterprise Portal is leading not IBM websphere portal so the document is not valid for me.

I have already got the correct solution for this .. in the santosh reply...

but my only concern is user mappings..

the document (in this link http://forums.sdn.sap.com/thread.jspa?threadID=1798972) says that an shared directory is needed.for maintain users at both sides..

in our case shared directory (LDAP) cannot not be configured as of now..

Also the user id's in both SAP EP and IBMWebsphere applications are different. SAP EP uses employee id as login id and IBMWebsphere applications use employee email-id as thier login id..

so we are concerned of the usermappings.. How to take of about this..

thanks & regards

kavitha.

Former Member · ‎02-24-2012

Hi Santhosh,

I tried to configure the TAI according to the docuemnt given..

but i am not able to acieve the SSO.

i am getting a error as "java.lang.NoClassDefFoundError: com/sap/i18n/cp/ConvertXToC"

i have few question here:

1. how to download the corresponding jar files

iaik_jce.jar

i18n_cp.jar file and

also rscp4j.dll for windows..

My portal is on unix and IBM WPS is on windows.

Also in the document the first step says..Export the SAP EP certificates using the keystore administration

for this i have just downloaded the verify.der file to my desktop.. will this do or should it be done in another way.

please guide me..

many thanks

Regards,

kavitha.

Edited by: kavitha harika on Feb 24, 2012 1:11 PM