Skip main navigation (Press Enter).

IBM TechXchange Community Conference Events IBM Developer

IBM TechXchange Community Conference Events IBM Developer

IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to Blog List

How to Configure SSO for IGI Admin console using ISAM

By Ranvijay posted Mon January 06, 2020 01:10 PM

Like

Authors: Ranvijay Singh and Nishant Singhai

Follow the same steps which is given in this cook book “Cookbook for IBM Security Access Manager 9.0 and IBM Security Identity Governance and Intelligence 5.2”

Cookbook Link :--

http://developer.ibm.com/identitydev/wp-content/uploads/sites/55/2017/04/ISAM9-IGI52-integration-Cookbook-v1.4.pdf

Instead of using the http transformation RULE given for Ideas Realm in above doc , copy and paste this below contents in the file , replace only hostname with yours WebSeal host name and upload the same.

NOTE :-- Make sure your have created users in IGI for admin Roles and account for that is available in ISAM

NOTE :-- Use this file at the place of Ideas Realm to do rest of the continuations

<?xml version="1.0" encoding="UTF-8"?>

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"

version="1.0">

<!--

This is a template stylesheet which should be used as a guide when

using WebSEAL's HTTP Transformation engine. This sample is relevant to

a request only.

-->

<xsl:strip-space elements="*" />

<!--

Perform a match on the root of the document. Output the required

HTTPRequestChange elements and then process templates.

-->

<xsl:template match="/">

<HTTPRequestChange>

<xsl:apply-templates />

<!-- Perform Object Name processing here. Output should be in the form

<ObjectName>VALUE</ObjectName>

if required. -->

</HTTPRequestChange>

</xsl:template>

<!--

Match on the Method. Any Method processing should happen within this

template.

-->

<xsl:template match="//HTTPRequest/RequestLine/Method">

<!-- Process the Method here. Output should be in the form

<Method>METHOD</Method>

if required. -->

</xsl:template>

<!--

Match on the URI. Any URI processing should happen within this

template.

-->

<xsl:template match="//HTTPRequest/RequestLine/URI">

<xsl:choose>

<xsl:when test="node()='/ideas'">

<HTTPResponseChange action="replace">

<Version>HTTP/1.1</Version>

<StatusCode>302</StatusCode>

<Header name="location" action="add">

https://www.sso.ibm.com/ideas/desk?realm=Admin

</Header>

<Body>%3Chtml%3E%3C%2Fhtml%3E</Body>

</HTTPResponseChange>

</xsl:when>

<xsl:when test="node()='/ideas/'">

<HTTPResponseChange action="replace">

<Version>HTTP/1.1</Version>

<StatusCode>302</StatusCode>

<Header name="location" action="add">

https://www.sso.ibm.com/ideas/desk?realm=Admin

</Header>

<Body>%3Chtml%3E%3C%2Fhtml%3E</Body>

</HTTPResponseChange>

</xsl:when>

<xsl:when test="node()='/ideas/desk'">

<HTTPResponseChange action="replace">

<Version>HTTP/1.1</Version>

<StatusCode>302</StatusCode>

<Header name="location" action="add">

https://www.sso.ibm.com/ideas/desk?realm=Admin

</Header>

<Body>%3Chtml%3E%3C%2Fhtml%3E</Body>

</HTTPResponseChange>

</xsl:when>

<xsl:when test="node()='/ideas/desk/'">

<HTTPResponseChange action="replace">

<Version>HTTP/1.1</Version>

<StatusCode>302</StatusCode>

<Header name="location" action="add">

https://www.sso.ibm.com/ideas/desk?realm=Admin

</Header>

<Body>%3Chtml%3E%3C%2Fhtml%3E</Body>

</HTTPResponseChange>

</xsl:when>

<xsl:when test="node()='/ideas?realm=IDEAS'">

<HTTPResponseChange action="replace">

<Version>HTTP/1.1</Version>

<StatusCode>302</StatusCode>

<Header name="location" action="add">

https://www.sso.ibm.com/ideas/desk?realm=Admin</Header>

<Body>%3Chtml%3E%3C%2Fhtml%3E</Body>

</HTTPResponseChange>

</xsl:when>

</xsl:choose>

</xsl:template>

<!--

Match on the Version. Any Version processing should happen within this

template.

-->

<xsl:template match="//HTTPRequest/RequestLine/Version">

<!-- Process the Version here. Output should be in the form

<Version>VERSION</Version>

if required. -->

</xsl:template>

<!--

Match on the Headers. Any Header processing should happen within this

template.

-->

<xsl:template match="//HTTPRequest/Headers">

<xsl:choose>

<xsl:when test="Header/@name='realm'" />

<xsl:otherwise>

<Header action="add" name="realm">ADMIN</Header>

</xsl:otherwise>

</xsl:choose>

<xsl:apply-templates select="//HTTPRequest/Headers/Header" />

</xsl:template>

<!--

Match on the Cookies. Any Cookie processing should happen within this

template.

-->

<xsl:template match="//HTTPRequest/Cookies">

<!-- Perform Cookie processing here. Output should be in the form

<Cookie name="NAME" action="add|update|remove">VALUE</Cookie>

if required. -->

</xsl:template>

<!--

Match the request scheme. Any processing should happen within

this template.

-->

<xsl:template match="//HTTPRequest/Scheme">

</xsl:template>

</xsl:stylesheet>

Add this below contents in “application.xml” file and upload the same on IGI

<DESK>

<REALM name="Admin" label="ADMIN" isDefault="true" enableHeaderAuth="true"/>

</DESK>

Take a restart of IGI Application and now you’ll be able to access admin console using SSO .

If some how you observe any issues , navigate to below log file and check error message

Configure IGI - > Manage Server Settings - > Custom File Management -> logs – Console -> desk_console.log

0 comments

17 views

Permalink

https://community.ibm.com/community/user/blogs/ranvijay1/2020/01/06/how-to-configure-sso-for-igi-admin-console-using-i

Additional
Resources

Discover these carefully selected resources to dive deeper into your journey and unlock fresh insights

Office

If you need immediate assistance please contact the Community Management team

support@communitysite.ibm.com

Monday - Friday: 8AM - 5 PM MT

Powered by Higher Logic

Global message icon