WebSphere Application Server & Liberty

  • 1.  WebSphere as SAML or OAUTH/OPENID Identity Provider

    Posted Wed February 16, 2022 11:05 AM
    Hello,

    is it possible to configure WebSphere as identity provider in a SAML or OAUTH/OPENID environment? I already read the following documentation:

    But as far as I understand WebSphere cannot play the role of an IDP, or am I wrong?

    I have the following situation:

    We have an existing Web Application A with a DB2 database containing tables for the user credentials (username, password) and roles. This application is deployed on a WebSphere application server. Now a new application B is implemented, which should use the users and roles of application A for authorization to access the protected web pages of application B. So an unauthorized user should be redirected to the login page of application A (IDP) and after successful authentication redirected to the web page of application B. Application B is deployed on an external application server. So I have a classic SSO situation. When a user is authenticated by Application A (IDP) it should be authorized to access the protected pages of application A and B depending on the roles associated to the user.

    So the question is, how can I configure WebSphere/application A to serve as IDP for application A and B?

    If this is not possible, are there recommended third-party products I can use for this purpose?

    Thank you for hints and support
    Thomas

    ------------------------------
    Thomas Mayr
    ------------------------------


  • 2.  RE: WebSphere as SAML or OAUTH/OPENID Identity Provider

    Posted Wed February 16, 2022 12:50 PM
    OIDC/OAuth: Liberty can be set up as either OIDC OP (IdP), or OIDC RP (client)
    SAML: Liberty is SAML SP out-of-box. But it is possible to deploy Shibboleth into Liberty, and turn Liberty into SAML IdP.

    ------------------------------
    Chunlong Liang
    ------------------------------



  • 3.  RE: WebSphere as SAML or OAUTH/OPENID Identity Provider

    Posted Wed February 16, 2022 03:15 PM
    Edited by Barbara Jensen Wed February 16, 2022 03:15 PM
    As @Chunlong Liang said, a Liberty JVM can be set up as an OIDC OP or RP.
    A WebSphere Application Server, however, can only be set up as an OAuth 2.0 provider.  It cannot be set up as either an OpenID or OpenID Connect (OIDC) provider.  It can only be configured as RPs for those.

    ------------------------------
    Barbara Jensen
    ------------------------------
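
A minimal Liberty `server.xml` sketch of the OIDC OP setup mentioned in the replies, added here as an illustration and not taken from any poster or from IBM's samples. The client name `appB`, the redirect URL, the keystore setup and both placeholder secrets are assumptions; the OP authenticates users against whatever user registry the server has configured, which is not shown.

```xml
<server description="Liberty as OpenID Connect provider (added example)">

    <featureManager>
        <feature>openidConnectServer-1.0</feature>
        <feature>appSecurity-2.0</feature>
        <feature>ssl-1.0</feature>
    </featureManager>

    <!-- Keystore holding the key pair used to sign ID tokens.
         Placeholder password: replace it and encode it with securityUtility. -->
    <keyStore id="defaultKeyStore" password="REPLACE_WITH_KEYSTORE_PASSWORD" />

    <!-- The OP itself. RS256 lets relying parties verify ID tokens with the
         public key instead of sharing a symmetric secret with every client. -->
    <openidConnectProvider id="OP"
                           oauthProviderRef="OAuth"
                           signatureAlgorithm="RS256"
                           keyStoreRef="defaultKeyStore" />

    <!-- OAuth 2.0 provider underneath the OP, with one registered client
         standing in for application B (hypothetical name and URL). -->
    <oauthProvider id="OAuth">
        <localStore>
            <client name="appB"
                    secret="REPLACE_WITH_CLIENT_SECRET"
                    displayname="Application B"
                    redirect="https://appb.example.com/oidc/callback"
                    scope="openid profile"
                    enabled="true" />
        </localStore>
    </oauthProvider>

    <!-- Only authenticated users may request tokens from the OP. -->
    <oauth-roles>
        <authenticated>
            <special-subject type="ALL_AUTHENTICATED_USERS" />
        </authenticated>
    </oauth-roles>

</server>
```

Register the redirect URL exactly as application B will send it and keep it on HTTPS, since the authorization code is delivered to that address.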