Manish,
You can achieve SSO by connecting the two systems (your Tomcat React web app and BAW) to the same identity provider. This will ensure that a user who navigates via browser to the one and later to the other system is prompted for authentication just once - even though there is a screen flicker of redirects until the user gets into the 2nd system.
In your headless scenario, you'll want to authenticate to the React web app and ensure that the browser-side JS code has a token at hand to include in REST requests to BAW so that these requests are authenticated.
You can achieve that by obtaining tokens from e.g. an OIDC provider and configuring BAW to accept these tokens. BAW itself cannot act as an OIDC provider as traditional WebSphere does not offer this capability. However, you can install User Management Service for that purpose, see
https://www.ibm.com/docs/en/baw/20.x?topic=management-installing-configuring-user-service
I am not exactly sure why this is not mentioned in the BAW docs, but here is a flow for a browser web app to retrieve the tokens:
https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/21.0.3?topic=SSYHZ8_21.0.3/com.ibm.dba.offerings/topics/con_ums_sso_browser.html
------------------------------
Jens Engelke
------------------------------
Original Message:
Sent: Thu May 12, 2022 11:54 PM
From: Manish Poddar
Subject: How to authenticate user in case of Headless Implementation
We are building a headless process in IBM BAW (20.x non-container). Business users will use a React-based web application to access BAW tasks, which will be hosted on Tomcat.
Can we establish SSO between Tomcat and WebSphere such that the BAW REST API can be invoked seamlessly from the web application?
------------------------------
Manish Poddar
------------------------------