Single signon

 


 


Overview

Single signon support allows portlets to retrieve one of several representations of a user's authenticated identity, which the portlet can then pass to a back-end application. In effect, WebSphere Portal and the portlet act as an authentication proxy to the back-end application.

Using single signon, a user authenticates once when logging in to WebSphere Portal, and the user's identity is passed on to applications without requiring additional identity verification from the user. WebSphere Portal supports single signon through WebSphere Application Server (WAS) and other authentication proxies, such as Tivoli Access Manager (TAM), and leverages the single signon capabilities between WAS and Domino.

Single signon in WebSphere Portal has two levels:

Credential Service: Encapsulates the functionality of single signon for the portlet writer in an object provided by the Service.
Custom: More flexible, but requires portlet writers to directly use the single signon functions of WebSphere Portal and manage their own connections and authentication to back-end applications.

 

WebSphere Portal and JAAS

The single signon functions of WebSphere Portal use a subset of JAAS: the authentication portion only. WebSphere Portal does not support true JAAS authorization.

WebSphere Portal builds a JAAS Subject for each logged-in user. The Subject consists of Principals and Credentials. A Principal is a piece of data, such as the user ID or the user's DN, that gives the identity of the Subject. A Credential is a piece of data, such as a password or a CORBA Credential, that can be used to authenticate a Subject. The Subject carries the Principals and Credentials, which the portlet can use directly or through the credential service.
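
The following sketch shows such a Subject built with the standard javax.security.auth classes and read the way a portlet using the Custom level would. It is an added illustration, not WebSphere Portal code: UserIdPrincipal, PasswordCredential, buildSubject, basicAuthHeader, the sample user and the choice of HTTP Basic authentication to the back end are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Arrays;
import java.util.Base64;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class SubjectDemo {
    // Hypothetical Principal carrying the short user ID (record: Java 16+).
    record UserIdPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical password Credential; copies are handed out so callers can wipe theirs.
    static final class PasswordCredential {
        private final char[] password;
        PasswordCredential(char[] password) { this.password = password.clone(); }
        char[] get() { return password.clone(); }
    }

    // Stand-in for the portal's login step: one Subject per authenticated user.
    static Subject buildSubject(String uid, String dn, char[] pw) {
        return new Subject(false,
            Set.of(new UserIdPrincipal(uid), new X500Principal(dn)), // identity
            Set.of(),                                 // public credentials: none
            Set.of(new PasswordCredential(pw)));      // private credentials: the secret
    }

    // Portlet side: derive a back-end HTTP Basic header from the Subject.
    static String basicAuthHeader(Subject s) {
        String uid = s.getPrincipals(UserIdPrincipal.class).iterator().next().getName();
        PasswordCredential pc = s.getPrivateCredentials(PasswordCredential.class).iterator().next();
        char[] pw = pc.get();
        try {
            byte[] raw = (uid + ":" + new String(pw)).getBytes(StandardCharsets.UTF_8);
            return "Basic " + Base64.getEncoder().encodeToString(raw);
        } finally {
            Arrays.fill(pw, '\0'); // wipe this method's copy of the password
        }
    }

    public static void main(String[] args) {
        // Constructed sample identity and password.
        Subject s = buildSubject("jdoe", "CN=jdoe,OU=people,O=example", "s3cret".toCharArray());
        System.out.println(s.getPrincipals());  // both representations of the identity
        System.out.println(basicAuthHeader(s)); // what would be sent to the back end
    }
}
```

Keeping the password in the private credential set matters because, when a security manager is active, reading that set requires a PrivateCredentialPermission, while Principals and public credentials are readable by any code holding the Subject.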

 


 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.