WebSphere Liberty WSRP security configuration


We are trying to configure a Liberty server to host and render custom JSR286 portlets to IBM Portal via WSRP. The default server configuration for features and LDAP, LTPA and SSO is done, and two IBM WSRP 2.0 Producer EAR files have been deployed. One is configured for NO security and the other has been configured for WS-Security, by setting the environment variables in the respective web.xml files.

On the portal server we can get the portlets consumed from the non-secured producer, and have configured HTTP LTPA cookie forwarding for the secured producer.

When trying to consume a portlet from the secured producer, I can see the LTPA cookie in the SOAP headers, but we are getting "MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood".

I followed the WSRP documentation on how to configure security for WSRP for WebSphere Liberty by using HTTP-cookie-based SSO: see the section "Securing the WSRP Producer by HTTP-cookie-based single sign-on" in the WSRP documentation.

Following this info, I still get the "MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood" error in the logs.

All I need, at the end of the day, is a secure way to use the WSRP producer (downloaded from IBM WSRP 2.0 Producer) on Liberty profile to expose portlets to IBM WebSphere Portal and exchange the user context, so that the portlets can get the logged-in user's details.

How does one configure security for WSRP for WebSphere Liberty?

NOTE: Not Full profile, but for Liberty profile.

Can somebody please help or point us in the right direction?


There are 1 best solutions below


Have you done the steps to share the LTPA keys and set both consumer and producer to the same user registry? The doc states this: "The requirements for SSO depend on the authentication method that is used. For example, if you use LTPA version 1 or version 2, the WSRP Consumer and the WSRP Producer must use the same user registry or use the same realm. In addition, the WSRP Producer and the WSRP Consumer must exchange shared keys that are used to sign the security credentials."

Per here: https://www.ibm.com/support/knowledgecenter/en/SSYJ99_8.5.0/admin-system/wsrpt_prod_sec_ws.html

I would test that SSO is working by itself before trying to even bring WSRP into the mix.

And more steps to configure on the consumer: https://www.ibm.com/support/knowledgecenter/en/SSYJ99_8.5.0/admin-system/wsrpt_cons_sec_ws_http_cb_sso.html
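
One way to check the two requirements quoted in the answer (same realm, shared LTPA keys) before involving WSRP, as an added example that is not from the original post or from IBM's documentation. It assumes the producer's `ltpa.keys` is meant to be a copy of the file exported from the consumer, so the stored values should match exactly; the sample file contents are constructed placeholders.

```python
import hashlib

# Property names used in WebSphere/Liberty LTPA key files.
REALM = "com.ibm.websphere.ltpa.Realm"
KEY_PROPS = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)

# Constructed sample files (placeholder values, not real key material).
CONSUMER = """#IBM WebSphere Application Server key file
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.Realm=ldap.example.com\\:389
com.ibm.websphere.ltpa.3DESKey=AAAAplaceholder3des\\=
com.ibm.websphere.ltpa.PrivateKey=BBBBplaceholderpriv
com.ibm.websphere.ltpa.PublicKey=CCCCplaceholderpub
"""
PRODUCER = CONSUMER.replace("ldap.example.com\\:389", "BasicRealm").replace("CCCC", "DDDD")

def parse_keys(text):
    """Parse Java-properties text into a dict, undoing backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        name, sep, value = line.partition("=")
        if sep:
            props[name.strip()] = value.strip().replace("\\", "")
    return props

def fingerprint(value):
    """Short SHA-256 digest so key material never appears in output."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]

def compare(consumer_text, producer_text):
    """Return a list of mismatch descriptions; empty means the files agree."""
    c, p = parse_keys(consumer_text), parse_keys(producer_text)
    problems = []
    if c.get(REALM) != p.get(REALM):
        problems.append(f"realm differs: {c.get(REALM)!r} vs {p.get(REALM)!r}")
    for name in KEY_PROPS:
        if name not in c or name not in p:
            problems.append(f"{name} missing on one side")
        elif c[name] != p[name]:
            problems.append(f"{name} differs: {fingerprint(c[name])} vs {fingerprint(p[name])}")
    return problems

if __name__ == "__main__":
    for problem in compare(CONSUMER, PRODUCER) or ["files agree"]:
        print(problem)
```

If the two files were exported separately with different key passwords, the encrypted values can differ even when the underlying keys are the same, so treat a mismatch as a prompt to re-copy the file rather than as proof of different keys.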