WebSphere Integration Guide

Configuring single sign-on in WebSphere

Configure a SAML trust association interceptor (TAI) on your WebSphere Application Server (WAS).

Steps

  1. Complete the steps in Enabling your system to use the SAML web single sign-on (SSO) feature in the WebSphere documentation. Add custom properties to your TAI based on the table below.

    Trust association interceptor custom properties for PingFederate

    | Property | Description |
    | --- | --- |
    | sso_<id>.sp.acsUrl | The assertion consumer service URL for the WebSphere SAML ACS servlet, such as https://was_host:was_port/samlsps/applicationacs. |
    | sso_<id>.sp.EntityID | Enter an entity ID of your choosing for your WAS. This is included in the SAML metadata file that you export in the next step. |
    | sso_<id>.idp_<id>.EntityID | The SAML 2.0 Entity ID that you entered in Enabling single sign-on in PingFederate. |
    | sso_<id>.idp_<id>.SingleSignOnUrl | The PingFederate SSO URL, such as https://pf_host:pf_port/idp/SSO.saml2. |
    | sso_<id>.idp_<id>.certAlias | Enter a name of your choosing to identify the PingFederate signing certificate. You will use this when you import the certificate to WebSphere. |
    | sso_<id>.sp.login.error.page | Your WAS authentication error page. This property is also used in the optional Configuring service provider-initiated SSO steps. |
    | sso_<id>.sp.targetUrl | The URL of the target application. To test your configuration, you can enter https://was_host:was_port/snoop. |

    For detailed specifications for these properties, see SAML web single sign-on (SSO) trust association interceptor (TAI) custom properties in the WebSphere documentation.

  2. Complete the steps in Exporting SAML web service provider metadata using the wsadmin command-line utility in the WebSphere documentation. Save the metadata file to your PingFederate server. You will use it in Creating a single sign-on connection.

  3. Complete the steps in Importing SAML identity provider (IdP) partner metadata using the wsadmin command-line utility in the WebSphere documentation. Select the metadata file that you saved in Exporting SAML metadata from PingFederate. Use the alias that you chose for the sso_<id>.idp_<id>.certAlias property.

  4. Complete the steps in Configuring single sign-on (SSO) partners in the WebSphere documentation.
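
Before you enter the step 1 values in WebSphere, you can check the property set for gaps such as a missing certAlias or a non-HTTPS endpoint. The following Python script is an added example, not part of the PingFederate or WebSphere documentation. It assumes the properties are kept as name=value lines, that <id> is a number, and that all seven properties in the table are expected; the function names and sample values are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Suffixes from the step 1 table; expecting all of them and a numeric <id> are assumptions.
SP_KEYS = ("sp.acsUrl", "sp.EntityID", "sp.login.error.page", "sp.targetUrl")
IDP_KEYS = ("EntityID", "SingleSignOnUrl", "certAlias")
URL_KEYS = ("sp.acsUrl", "sp.targetUrl", "SingleSignOnUrl")
KEY_RE = re.compile(r"^sso_(\d+)\.(?:idp_(\d+)\.)?.+$")

# Constructed sample: the certAlias is missing and the SSO URL is plain http.
SAMPLE = """\
sso_1.sp.acsUrl=https://was.example.com:9443/samlsps/applicationacs
sso_1.sp.EntityID=https://was.example.com/sp
sso_1.sp.login.error.page=https://was.example.com:9443/error.jsp
sso_1.sp.targetUrl=https://was.example.com:9443/snoop
sso_1.idp_1.EntityID=pingfederate-idp
sso_1.idp_1.SingleSignOnUrl=http://pf.example.com:9031/idp/SSO.saml2
"""

def parse_properties(text):
    """Parse name=value lines into a dict (lines without '=' are skipped)."""
    return dict(map(str.strip, l.split("=", 1)) for l in text.splitlines() if "=" in l)

def check_tai_properties(props):
    """Return sorted findings for one set of TAI custom properties."""
    findings, partners = [], {}
    for name in props:
        m = KEY_RE.match(name)
        if not m:
            findings.append(f"{name}: not an sso_<id> property")
            continue
        idps = partners.setdefault(m.group(1), set())
        if m.group(2):
            idps.add(m.group(2))
    for sso, idps in partners.items():
        if not idps:
            findings.append(f"sso_{sso}: no idp_<id> partner defined")
        wanted = [f"sso_{sso}.{k}" for k in SP_KEYS]
        wanted += [f"sso_{sso}.idp_{i}.{k}" for i in idps for k in IDP_KEYS]
        for name in wanted:
            value = props.get(name, "")
            if not value:
                findings.append(f"{name}: missing or empty")
            elif name.endswith(URL_KEYS) and urlparse(value).scheme != "https":
                findings.append(f"{name}: expected an https URL")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(check_tai_properties(parse_properties(SAMPLE))))
```

An empty result means every expected property is present for each sso_<id> and its idp_<id> partners, and each URL property uses https.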