Cloud Pak for Business Automation

 View Only

  • 1.  Enabling SSO for Filenet which is running on OCP

    Posted Tue December 28, 2021 09:11 AM
    As far as I know, SSO integration structure is completely different in CP4BA 21.0.3 version.
    I am looking for a guide to enable SSO for Filenet which is running on OCP.  Do you have any reference for this or 
    is there anyone who can enable SSO for Filenet is running on OCP?


    ------------------------------
    Basak Yazirli
    ------------------------------


  • 2.  RE: Enabling SSO for Filenet which is running on OCP

    Posted Tue January 25, 2022 03:54 PM

    In CP4BA 21.0.3, if deploying with the CP4A deployment context (i.e. shared_configuration.sc_deployment_context: CP4A), then IAM/Zen authentication is enabled by default.  In this case, IAM must be used for authentication.  IAM allows you to configure LDAP based user registries as well as SAML for SSO (https://www.ibm.com/docs/en/cloud-paks/1.0?topic=users-configuring-single-sign).  However, it currently does not support configuring OIDC identity providers for SSO.

    If you deploy FNCM standalone via

    • shared_configuration.sc_deployment_context: FNCM
    • shared_configuration.sc_deployment_patterns: content
    Then IAM/Zen is disabled by default.  So you are free to choose the OIDC identity provider you have used in past releases.

    ------------------------------
    ROGER Bacalzo
    ------------------------------

    Original Message


  • 3.  RE: Enabling SSO for Filenet which is running on OCP

    Posted Fri July 15, 2022 10:20 AM
    I already implemented for on-prem version of ICN with SiteMinder SSO with Kerberos Auth Scheme, now I am looking to implement SSO with Business Automation Navigator in CP4BA. Based on the CP4BA capability I understood, IAM service need to be enabled with SAML Authentication and configure with SAML IdP. My question are
    1.  that can I enable SSO only for specific component of the CloudPak such as only for BAN but not for ACCE? 
    2. If the use is accessing the BAN url, does the user automatically get login to BAN without asking for login or without having the user to click on SAML authentication option on Zen/IAM page (A Zen page is common login for CP4BA components that presents user with links to click on Enterprise LDAP, OpenShift Authentication, SAML Authentication (if SAML enabled to IAM) etc.)


    ------------------------------
    Anup Reddy Mereddy
    ------------------------------

    Original Message


  • 4.  RE: Enabling SSO for Filenet which is running on OCP

    Posted Thu November 07, 2024 11:08 AM

    I am concluding my questions as I found the answers.

    1) No, once SSO is enabled at IAM level, all the cp4ba application capabilities will get SSO feature. If you would see SAML SSO Login link in addition to Enterprise LDAP login link as a login option where user can chose how they want to login

    2) Yes, PREFFERED_LOGIN variable has to be set to SAML to enforce automatic login of the application at the user-mgmt config map. See the documentation for the same.



    ------------------------------
    Anup Mereddy
    ------------------------------

    Original Message