SSO Help

An Online Community for Identity & Access Management Professionals

Jim Marsen

SSO with IBM System i

I'm looking for an SSO solution for our IIS based portal protected by SiteMinder and an IBM System i.  We want to have our users log in to SiteMinder and then be able to access their System i account without having to do another login. 

I understand that System i supports Kerberos and there is some support for Kerberos within Siteminder.  Has anyone been able to leverage this? 

Is the Federated Security Services option of Siteminder any help here?

Any other suggestions would be appreciated.

Regards,
Jim Marsen

Views: 27

Reply to This

Replies to This Discussion

Todd ClaytonPermalink Reply by Todd Clayton on July 8, 2010 at 8:55am
Hi Jim,

Can you clarify a little what you are trying to do? When the user logs in to the IIS based portal are they going through the web to the IBM System i or are they accessing it a different way?

Thanks,
Todd
Jim MarsenPermalink Reply by Jim Marsen on July 18, 2010 at 8:13pm
Our users are members of business partners (not within our intranet/enterprise). They are using our web based portal applications which are protected by Siteminder. They also need to access applications located on our IBM Sysetm i servers using IBM Client Access for Windows (a 5250 terminal emulator) which runs as a Windows desktop application. We want them to be able to log into our web portal and then be able to use the Client Access emulator to access their System i accounts without having to reauthenticate to the System i.

System i (both emulator client and server) supports Kerberos. I also understand that Siteminder has some support for Kerberos and would like to try to leverage this but I can't figure out how to pass a Kerberos TGT to the client.

Another less desirable option is to retrieve the System i user credentials after authentication by Siteminder and plug them into the login screen via EHLAPPI. Could the CA Single Sign-On product be of help here? It supposedly integrates with Siteminder.

Regards,
Jim

RSS

CoreBlox Blog

Configuring OpenLDAP as a SiteMinder Policy Store

Setting the Windows Security Context with SiteMinder

Radiant Logic Blog

Matt Flynn's IDM Blog

Access Governance Continuum

Identity Solutions and Unstructured Data

The Most Powerful Voices in Security

IdentityStuff

Don' Mess with Texas, unless you are the FBI...

Backstopp - The Morning After Pill for Identity Management?

Ash's IdM Rantings

Identropy Reviews Cutting Identity Management Operating Costs

Regarding a Potential Way Forward for SPML

IAM Failures...Product or Services?

Burton Group: Identity Mgt Blog

This Thing is OFF (in a good way). BONUS: Catalyst SPML SIG

Catalyst Europe is Coming Up Fast!

SPML: Life Support Redux

IdM Thoughtplace

Calling all Dispatchers

Tutorial Follow up

Cutting the Gordian Provisioning Knot

Identity Thought Stream

F*** it, I'm lighting 100 candles - Entitlement Management 2012

Book Review - Grouped

IBM Dropping Tivoli Brand from IAM Suite

Jackson's Identity Management & Active Directory Reality Tour Travelblog

Multifactor Authentication for Dummies

SCIM, PEX and what the parrot saw

Sudo video

Discovering Identity

How Many iPhone Apps Do You Use?

Oracle Street in Mesa, Arizona

Identity Services for Cloud Computing

© 2012   Created by CoreBlox

Badges  |  Report an Issue  |  Terms of Service