Enabling Single Sign On for WebSphere Portal and IBM Connections

Question

I'm trying to integrate IBM Connections and IBM Websphere Portal(WP) following this documentation . Can't get the SSO working between them. Here is the point about SSO at the documentation. Implementing all the steps having the message "You are not authorized" in WP connections portlets.

Knowing the SSO with LTPA mechanism I have a couple of questions:

1. in this particular case should the WP server and IBM connections server be at the same domain in order for the LTPA to work?
2. should WP websphere server's security be configured to use the same federated reposirory as a connections server? (connections server uses MAD LDAP)
3. and can anybody explain what id to use to authenticate in WP (I mean should it be it LDAP and not be as a local system user?)

Answer 1

1 - they can actually be the same top level domain, you just need to change your General Settings > Web SSO settings for instance, I could set the sso domain to .ibm.com intead of a more specific domain, where my servers are in test.org.conx.ibm.com and portalserver.portal.ibm.com

2 - It's much easier if they use the same repository, but it is not required, as long as the ltpa token is used to login to the secondary server such as connections.

3 - well, what ever group you have in your corporate ldap that is set to manage portal, and the ids which you have to access the portal. generally these should be either mail;cn;uid