Here is my scenario: I have a Filenet 5.2.1 – Navigator 2.0.3 – WebSphere 8.5.5 – AIX – Active Directory platform working without a problem, then the customer asks for SSO using SPNEGO. All the configuration was made according to the documentation and even making tests using the snoop servlet included in WebSphere works fine, but when accessing the Navigator URL, the login page is shown. We have enabled the trace and found this message:
[6/28/17 18:09:30:759 CDT] 0000012c SystemOut O CIWEB Debug: [unknown(unknown) @ 172.18.127.0] [REQUEST 235] com.ibm.ecm.struts.actions.GetDesktopAction.desktopConnect() Desktop is SSO: false
I have not found in the Desktop, nor in the repository any configuration related to SSO, did we miss any configuration?
Because we do not have access to graphical interface in AIX, we created a new Navigator profile using this command line:
./configmgr_cl generateConfig -appserver websphere -appserverVersion 8.5 -securitydomain default -configure_FileNetP8 yes -configure_CMIS_FileNetP8 yes -configure_CMIS_FileNetP8_V11 yes -db db2 -icn_sso cca -cmisAuth wssecurity -deploy cluster -ldap activedirectory -ldap_Repository federated -profile /usr/IBM/Navigator/ECMClient/configure/profiles/navUATSSO
According to the documentation the SSO is enabled by using this parameter -icn_sso cca , however this profile is using the DB that was already working, because we wanted to keep the configuration made, could it be possible that something is missing in the DB?