Hi Michael,
Thank you for the quick reply.
That reference seems to be about using SSO with BAW itself (SSO to Process Admin, Process Portal etc), We've upgraded from a traditional FileNet Case Manager 5.3.3 system to use the BAW Case Manager equivalent. We're not really interfacing with BAW beyond what is necessary to support the Case Manager functionality.
We're using an external FileNet Content Platform Engine, and External Content Navigator, using the standard Case Manager bits of BAW (calling BAW Case plugins from Navigator).
The customer requires the Kerberos/SPNEGO SSO config, which is already welI documented, and worked on the traditional Case Manager.
I was was checking if there is anything required on the BAW side in this context to enable the calling of those plugins without a login to BAW being necessary.
My feeling is it shouldn't be necessary to do anything since a manual , non-SSO, login to Content Navigator calls BAW components without explicitly logging into BAW.
Except, I saw the webpage at
https://www.ibm.com/docs/en/baw/19.x?topic=csss-configuring-business-automation-workflow-support-sso-through-kerberos-spnegothis seemed to imply that work was required on the BAW Case Configuration side to enable SSO from Content Navigator and Case.
Except, this page and a whole suite of other SSO related pages one step up, are only relevant for BAW 19.x.
There are no equivalent pages for 20.x, 21.x, or 22.x.
In fact the entire "Configuring single sign on security" section is gone from 20.x and above.
(https://www.ibm.com/docs/en/baw/19.x?topic=solutions-configuring-single-sign-security)
We're using 21.0.3.
Hence the question about what had changed.....
Thanks.
------------------------------
Steve Lonmo
------------------------------
Original Message:
Sent: Fri September 16, 2022 12:10 PM
From: Michael Kirchner
Subject: BAW support for SSO through Kerberos SPNEGO
Hi Steve,
did you check the following section in the BAW 20.x documentation?
https://www.ibm.com/docs/en/baw/20.x?topic=environment-configuring-third-party-authentication-products
Best regards,
Michael
------------------------------
Michael Kirchner
Leading Technical Specialist - Digital Business Automation
IBM Technology
Germany
Original Message:
Sent: Fri September 16, 2022 10:25 AM
From: Steve Lonmo
Subject: BAW support for SSO through Kerberos SPNEGO
Hi,
I've set up SSO on Content Navigator on WebSphere via kerberos and SPNEGO. Doing a Google search for "business automation workflow case kerberos authentication" I see a web page for BAW entitled"Configuring IBM Business Automation Workflow to support SSO through Kerberos SPNEGO"
Which describes how to set up the Case Configuration tool to cater for this SSO method as well.
I'm not sure if this is necessary to call BAW plugins from ICN. But if something in BAW is required to be done, the page applies to BAW version 19.x only. There is no equivalent page for 20.x or 22.x
Can anyone say what happened after 19.x.
Is BAW SSO via Content Navigator handled differently ? Is it unnecessary to do any extra configuration other than the ICN config?
I hope this request makes sense.
Any knowledge appreciated.
Many thanks.
------------------------------
Steve Lonmo
------------------------------