Forgerock SSO with container-managed authentication

This topic has 4 replies, 2 voices, and was last updated 2 weeks ago by rajmohanmsc.

  • #27537
     rajmohanmsc
    Participant

    I am very new to ForgeRock.

    I need your expert advice on implementing SSO SAML MFA for one of our applications. Currently, we are using WebSphere version 8.5 and we use container-managed authentication with LDAP. We got the requirement to implement ForgeRock SSO. I am not able to find any documentation which gives a step-by-step implementation. Please, someone, guide me on this. Note: We implemented SPNEGO with Windows SSO. Is it similar to that? Do we need any other configuration?

    #27541
     William Hepler
    Participant

    I don’t believe SAML and SPNEGO will be similar. SAML would be more like WS-FED in the Windows world.

    From an AM perspective, AM can use SAML with any compliant provider. Normally you will have an IDP and an SP and share metadata to configure and set up SAML.

    Will WebSphere be the identity provider or the service provider? It sounds like WebSphere would be the SP, and AM would be your hosted IDP.

    You could review the FAQ about SAML from AM:
    https://backstage.forgerock.com/knowledge/kb/article/a30470602
    The following is the SAML guide from the docs:
    https://backstage.forgerock.com/docs/am/6.5/saml2-guide/#chap-saml2-implementation-console

    But I don’t believe there are specific details on how to set up WebSphere for SAML in our documentation.

    #27543
     rajmohanmsc
    Participant

    Thanks William,

    In my case WebSphere is the SP and AM is the IDP. (AM configuration will be taken care of by our global team.)

    I need to provide the steps to configure the SP and how to get user principals.

    Raj

    #27563
     William Hepler
    Participant

    I would recommend then finding WebSphere/IBM’s documentation on SAML federation. They should, as a standard, have a way to export and import metadata.

    You will provide metadata from your WAS server to the AM group and they will provide metadata to you to create the federation.
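
The metadata exchange described in the replies above can be checked before either side imports the other's file. This is an added example, not part of the original thread and not ForgeRock or IBM code: it reads one SAML 2.0 EntityDescriptor and reports a missing signing certificate, non-HTTPS endpoints, and an SP that does not ask for signed assertions. The host names, entity IDs, certificate text and the `review_metadata` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: hosts, entity IDs and certificate text are placeholders.
IDP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://am.example.com/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://am.example.com/idp/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

SP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://was.example.com/sp">
  <md:SPSSODescriptor WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Location="http://was.example.com/sp/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def review_metadata(xml_text):
    """Return (role, entityID, findings) for one SAML 2.0 EntityDescriptor."""
    root = ET.fromstring(xml_text)
    idp, sp = (root.find(f"md:{r}SSODescriptor", NS) for r in ("IDP", "SP"))
    role, desc = ("IDP", idp) if idp is not None else ("SP", sp)
    if desc is None:
        return None, root.get("entityID"), ["no IDP or SP role descriptor"]
    findings = []
    name = "SingleSignOnService" if role == "IDP" else "AssertionConsumerService"
    endpoints = desc.findall("md:" + name, NS)
    if not endpoints:
        findings.append("no " + name + " endpoint")
    for ep in endpoints:
        if not ep.get("Location", "").startswith("https://"):
            findings.append("endpoint not HTTPS: " + ep.get("Location", ""))
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    certs = [c for kd in desc.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall(".//ds:X509Certificate", NS)]
    if role == "IDP" and not certs:
        findings.append("IDP metadata has no signing certificate")
    if role == "SP" and desc.get("WantAssertionsSigned") != "true":
        findings.append("SP does not set WantAssertionsSigned=true")
    return role, root.get("entityID"), findings
```
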

    #27564
     rajmohanmsc
    Participant

    Thanks, William, for your help. I got some documentation on this.
