Steps to Configure Single Sign-On between Portal 6.1 and WebSEAL

Source: Internet  Editor: 程序博客网  Time: 2024/06/11 14:17

1. Create the junction:
server task default-webseald-abc.ibm.com create -t tcp -h abc.ibm.com -p 80 -A -F "/data1/chemchina.key" -Z passw0rd -j -c all -f /portal

 

2. Command to view the object namespace: object list /WebSEAL
Result: /WebSEAL/abc.ibm.com-default

 

3. Create the group (import the LDAP group and users):
group import wpsadmins "cn=wpsadmins,cn=groups,dc=chemchina,dc=com"
user import wpsadmin "uid=wpsadmin,cn=users,dc=chemchina,dc=com"
user modify wpsadmin account-valid yes
user import wpsbind "uid=wpsbind,cn=users,dc=chemchina,dc=com"
user modify wpsbind account-valid yes

 

4. ACL commands for the portal junction:

acl create WPS_authenticated_access
acl create WPS_admin_access
acl create WPS_no_access
acl modify WPS_admin_access set user sec_master TcmdbsvaBrxl
acl modify WPS_admin_access set group iv-admin Tcmdbsvarxl
acl modify WPS_admin_access set group webseal-servers Tgmdbsrxl
acl modify WPS_admin_access set group wpsadmins Tr
acl modify WPS_admin_access set any-other T
acl modify WPS_admin_access set unauthenticated T
acl modify WPS_no_access set user sec_master TcmdbsvaBrxl
acl modify WPS_no_access set group iv-admin Tcmdbsvarxl
acl modify WPS_no_access set group webseal-servers Tgmdbsrxl
acl modify WPS_no_access set group wpsadmins T
acl modify WPS_no_access set any-other T
acl modify WPS_no_access set unauthenticated T
acl modify WPS_authenticated_access set user sec_master TcmdbsvaBrxl
acl modify WPS_authenticated_access set group iv-admin Tcmdbsvarxl
acl modify WPS_authenticated_access set group webseal-servers Tgmdbsrxl
acl modify WPS_authenticated_access set group wpsadmins Tr
acl modify WPS_authenticated_access set any-other Tr
acl modify WPS_authenticated_access set unauthenticated T
acl create WPS_all_access
acl modify WPS_all_access set user sec_master TcmdbsvaBrxl
acl modify WPS_all_access set group iv-admin Tcmdbsvarxl
acl modify WPS_all_access set group webseal-servers Tgmdbsrxl
acl modify WPS_all_access set group wpsadmins Tr
acl modify WPS_all_access set any-other Tr
acl modify WPS_all_access set unauthenticated Tr
acl attach /WebSEAL/abc.ibm.com-default/portal/wps/config WPS_admin_access
acl attach /WebSEAL/abc.ibm.com-default/portal/wps/myportal WPS_authenticated_access
acl attach /WebSEAL/abc.ibm.com-default/portal/wps/portal WPS_all_access
acl attach /WebSEAL/abc.ibm.com-default/portal/wps/doc WPS_all_access
acl attach /WebSEAL/abc.ibm.com-default/portal/wps/wps WPS_all_access
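
To review what step 4 grants before loading it into pdadmin, the following added example (not part of the original post) replays an ACL script and reports ordering errors, ACLs that are never attached, and protected objects that unauthenticated users can read. The function name audit_acl_script is hypothetical, the sample is an abridged, constructed copy of the commands above, and permission strings are treated as plain letters with r meaning read.

```python
# Constructed sample: abridged copy of the step 4 pdadmin commands.
SAMPLE = """\
acl create WPS_authenticated_access
acl create WPS_admin_access
acl create WPS_no_access
acl create WPS_all_access
acl modify WPS_admin_access set group wpsadmins Tr
acl modify WPS_admin_access set any-other T
acl modify WPS_admin_access set unauthenticated T
acl modify WPS_no_access set unauthenticated T
acl modify WPS_authenticated_access set any-other Tr
acl modify WPS_authenticated_access set unauthenticated T
acl modify WPS_all_access set any-other Tr
acl modify WPS_all_access set unauthenticated Tr
acl attach /WebSEAL/abc.ibm.com-default/portal/wps/config WPS_admin_access
acl attach /WebSEAL/abc.ibm.com-default/portal/wps/myportal WPS_authenticated_access
acl attach /WebSEAL/abc.ibm.com-default/portal/wps/portal WPS_all_access
acl attach /WebSEAL/abc.ibm.com-default/portal/wps/doc WPS_all_access
"""

def audit_acl_script(text):
    """Replay 'acl create/modify/attach' lines and summarise the resulting policy."""
    acls, attached, errors = {}, {}, []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if len(tok) < 3 or tok[0] != "acl":
            continue  # not an acl command
        verb, name = tok[1], tok[2]
        if verb == "create":
            acls[name] = {}
        elif verb == "modify" and len(tok) >= 6 and tok[3] == "set":
            if name not in acls:
                errors.append(f"line {n}: modify before create: {name}")
            else:
                # entry is 'user X', 'group X', 'any-other' or 'unauthenticated'
                acls[name][" ".join(tok[4:-1])] = tok[-1]
        elif verb == "attach" and len(tok) == 4:
            path, name = tok[2], tok[3]
            if name not in acls:
                errors.append(f"line {n}: attach of unknown ACL: {name}")
            else:
                attached[path] = name
    return {
        "errors": errors,
        "unattached": sorted(set(acls) - set(attached.values())),
        "unauth_read": sorted(p for p, a in attached.items()
                              if "r" in acls[a].get("unauthenticated", "")),
    }

if __name__ == "__main__":
    print(audit_acl_script(SAMPLE))
```

On the sample, the report lists WPS_no_access as created but never attached, and shows that only the objects using WPS_all_access are readable without authentication.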


5. Create the LDIF file:

dn: dc=chemchina,dc=com
changetype: modify
add: aclEntry
aclEntry:group:cn=SecurityGroup,secAuthority=Default:system:rsc:normal:rwsc:restricted:rwsc
aclEntry:group:cn=ivacld-servers,cn=SecurityGroups,secAuthority=Default:system:rsc:normal:rsc
aclEntry:group:cn=remote-acl-users,cn=SecurityGroups,secAuthority=Default:system:rsc:normal:rsc
aclEntry:group:cn=anybody:system:rsc:normal:rsc:restricted:rsc

 

6. Import the LDIF file:
#./ldapmodify -D cn=root -w passw0rd -f /data1/acl.ldif

 

7. On the WebSEAL server, add two files, dynurl.conf and jmt.conf, to the /Tivoli/PDWeb/www-default/lib directory. Their contents are as follows:
jmt.conf:
/portal /wps/portal*
/portal /wps/config*
/portal /wps/doc*
/portal /wps/myportal*
dynurl.conf:
/portal/wps/portal /portal/wps/portal*
/portal/wps/myportal /portal/wps/myportal*
/portal/wps/config /portal/wps/config*
/portal/wps/doc  /portal/wps/doc*
/portal   /wps*

 

8. Back up the webseald-default.conf file under /Tivoli/PDWeb/etc, then edit the file and set the following parameters:
ba-auth = none
forms-auth = https
script-filter = yes
dynurl-allow-large-posts = yes
http-timeout = 300
https-timeout = 300
ssl-id-sessions = no
process-root-requests = filter

 

9. Restart server1 and PortalServer on the Portal server, then restart the Policy Server and WebSEAL.


10. The Portal SSO configuration is now complete.


11. https://abc.ibm.com/portal/wps/myportal
