
Configure device single sign-on with a reverse proxy


Device SSO and reverse proxies

Device single sign-on with a reverse proxy can be achieved with the Simple Data Sharing feature. It lets a set of applications share the authentication cookies that allow access through the reverse proxy, and delegate authentication to the MobileFirst Server Device SSO realm.

The Simple Data Sharing feature is supported only on iOS and Android devices.

With the Simple Data Sharing feature, we can tell the MobileFirst client runtime environment to share credentials among applications in the same MobileFirst application family. Because the shared credentials are security tokens, we must ensure that access to the applications is protected by other mechanisms.

For example, ensure that the device is not jailbroken and that it is password-protected. See Simple data sharing limitations and special considerations.


Configure device single sign-on with a reverse proxy

  1. Enable the Simple Data Sharing feature.

  2. For hybrid applications, follow these steps.

    1. Ensure that you select the MobileFirst device SSO option.

    2. Specify a comma-separated list of cookie names you want MPF to remember and share among the applications in the specified family.

  3. For native applications, follow these steps.

    1. Add the wlShareCookies property in the MobileFirst properties file.

    2. Specify a comma-separated list of cookie names you want MPF to remember and share among the applications in the specified family.

      wlShareCookies = PD-S-SESSION-ID

    Each application in the MobileFirst family must be enabled for Simple Data Sharing, and must also specify the cookies that it agrees to share and reuse. For example, we can specify any one of the PD-*SESSION-ID cookies for Security Access Manager or the LtpaToken or LtpaToken2 cookies for IBM WebSphere DataPower.
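A configuration check for the requirement above, as an added example that is not part of the original documentation: it reads each application's properties text, extracts wlShareCookies, and reports applications that omit it and cookies that are not listed by every application in the family. The application names and file contents are constructed, and exact (case-sensitive) matching of cookie names is an assumption.

```python
# Added example: audit wlShareCookies across one MobileFirst application family.
# Application names and properties contents are constructed sample input.

def parse_share_cookies(properties_text):
    """Return the cookie names listed in wlShareCookies, or None if the key is absent."""
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties-file comment
            continue
        for sep in ("=", ":"):  # properties files accept either separator
            key, found, value = line.partition(sep)
            if found and key.strip() == "wlShareCookies":
                return [c.strip() for c in value.split(",") if c.strip()]
    return None

def audit_family(apps):
    """apps maps application name -> properties text; returns the findings."""
    parsed = {name: parse_share_cookies(text) for name, text in apps.items()}
    # Applications with no (or an empty) wlShareCookies share nothing.
    missing = sorted(n for n, cookies in parsed.items() if not cookies)
    sets = [set(cookies) for cookies in parsed.values() if cookies]
    common = set.intersection(*sets) if sets else set()
    partial, by_lower = {}, {}
    for name in sorted(parsed):
        for cookie in sorted(set(parsed[name] or [])):
            by_lower.setdefault(cookie.lower(), set()).add(cookie)
            if cookie not in common:  # listed by some applications, not all
                partial.setdefault(cookie, []).append(name)
    # Assumption: names are compared exactly, so case variants never match.
    case_conflicts = sorted(sorted(v) for v in by_lower.values() if len(v) > 1)
    return {"missing": missing, "common": sorted(common),
            "partial": partial, "case_conflicts": case_conflicts}

SAMPLE_FAMILY = {  # constructed sample input
    "app-a": "# family member A\nwlShareCookies = PD-S-SESSION-ID, LtpaToken2\n",
    "app-b": "wlShareCookies=PD-S-SESSION-ID,Ltpatoken2\n",
    "app-c": "# wlShareCookies not set\n",
}

if __name__ == "__main__":
    for finding, value in audit_family(SAMPLE_FAMILY).items():
        print(finding, value)
```

An empty `missing` list, an empty `partial` map and no `case_conflicts` mean every application in the family lists the same cookie names.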


Results

We have configured device single sign-on with a reverse proxy.

