Single sign-on for authentication
With single sign-on (SSO) support, web users can authenticate once when accessing multiple WebSphere Application Server domains. LTPA cookies do not require any particular client, and allow SSO across different cells provided the registry and LTPA keys are the same. Other types of SSO include SPNEGO, which uses Kerberos tokens (typically Windows), and TAIs when used in combination with a proxy server that does the front-end authentication. The TAI allows the credentials to flow to WebSphere from the proxy server.
Subtopics
- Single sign-on for authentication using LTPA cookies
- Use a WAS API to achieve downstream web single sign-on with an LtpaToken2 cookie
- Global single sign-on principal mapping for authentication
- Single sign-on for HTTP requests using SPNEGO web authentication
- Create a single sign-on for HTTP requests using SPNEGO Web authentication
- Implement single sign-on to minimize web user authentications
- Configure single sign-on capability with Tivoli Access Manager or WebSEAL