Author Topic: CMOD Embedded SSO via ICN SAML Token  (Read 1425 times)

Steve Bechtolt

  • Jr. Member
  • **
  • Posts: 56
    • View Profile
CMOD Embedded SSO via ICN SAML Token
« on: July 27, 2021, 01:16:58 PM »
Has anyone had any issues migrating ICN/CMOD SSO via SAML from using the IBM SSO Plugin and ARSUSEC program to the built-in SSO feature CMOD now supports?
We have two clients configured on a single WAS system: one uses PingIdemtity and the other uses OKTA as their Identity Provider.
Both clients work using Plugin/ARSUSEC. The PingIdentity client also work on the new built in SSO, but the OKTA client gets an error when using the built-in method.  The issue is that the LTPA key for that browser session has expired.  The can successfully login, but when they try to open a folder is when they get the message about the expired LTPA key.

Any thoughts?
Steve Bechtolt
IBM Certified Solutions Expert - IBM Content Management - OnDemand Multiplatform
ERM as a Service - DXC Technology


  • Full Member
  • ***
  • Posts: 127
    • View Profile
Re: CMOD Embedded SSO via ICN SAML Token
« Reply #1 on: July 30, 2021, 07:56:29 AM »
My recommendation is to open a case with WebSphere. Sounds like something isn't working/configured properly on the WAS side.