Authentication
Overview
Authentication means that users identify themselves to gain access to the system. Users can identify themselves immediately upon entry to the system, or the system can challenge them when they try to access a protected resource before identifying themselves. The user ID/password combination is the most common method of identifying a user to the system.
WebSphere Portal does not support multiple, simultaneous logins using the same user ID and password.
After a user has been authenticated, the system can determine if that user is authorized to access the resources that are requested.
By default, WebSphere Portal uses the Custom Form-based Authentication mechanism of WebSphere Application Server (WAS) to prompt users for identity. Alternatively, the system can be configured for third-party authentication through an external security manager or SSL Client Authentication.
Basic Portal Authentication
LTPA Authentication
WAS can provide single sign-on between itself and certain web application servers by sharing LTPA tokens, which contain user data, an expiration time, and a digital signature that is signed with a private key of the authenticating user. The tokens are stored as encrypted cookies. The key for decrypting the cookie is normally generated by WAS and shared with any back-end application servers (primarily Domino). Normally, a shared LTPA token is used to provide single sign-on between WebSphere Portal and a back-end Lotus Domino Application Server. It is also possible to use LTPA to provide single sign-on between WebSphere Portal and other WebSphere Application Servers that do not fall within the same WebSphere security realm as the Application Server used by WebSphere Portal.
Note that IBM developed the LTPA mechanism. Although IBM has published the specification, it is generally supported only by IBM products. The wider computer security community has largely adopted Kerberos technology to provide the same functionality.
See also
- User registries
- Single signon
- Credential Vault and Credential Service
- Access Control
- Authorization
- External security managers
- Set up SSL
- Managing security
- Portlet authentication
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.