Single sign-on
The idea behind HTTP single sign-on is to preserve a user's authentication across different Web applications. Its goal is to avoid prompting the user multiple times for security credentials within a given trust domain that includes:
- Cooperating but disparate WAS servers
- Cooperating applications, such as LDAP servers (for example, IBM Directory Server)

In a single sign-on (SSO) scenario, an HTTP cookie is used to propagate a user's authentication information to disparate Web servers, relieving the user from entering authentication information for every new client-server session (assuming basic authentication).
Attention: There are several key limitations of single sign-on when it is used with WebSphere Commerce. These limitations are:
- The LTPA cookies may flow across different Web server ports.
- You need to modify the WebSphere Commerce configuration file and ensure that the MigrateUsersFromWCSdb flag is set to "ON".
- The machines participating in the single sign-on configuration must have their system clocks synchronized.
- Single sign-on is only supported between applications that can read and issue the WAS Light Weight Third Party Authentication (LTPA) token.
- Single sign-on works only with browsers that accept cookies, so that LTPA cookies can be written.
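The clock synchronization requirement above follows from the token carrying an expiration time that each server checks against its own clock. The following added example is not IBM code and does not use the real LTPA format: it assumes a simplified `user%expiry%mac` token with a constructed shared key, and hypothetical function names, to show how a skewed clock changes the accept or reject decision.

```python
import base64
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # assumption: stands in for key material shared by the SSO servers

def issue_token(user, issuer_clock, lifetime_s):
    """Build a simplified 'user%expiry%mac' token using the issuer's own clock."""
    body = f"{user}%{issuer_clock + lifetime_s}"
    mac = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return base64.b64encode(f"{body}%{mac}".encode()).decode()

def validate_token(token, validator_clock):
    """Return the user if the MAC verifies and the token is unexpired on this server's clock."""
    try:
        raw = base64.b64decode(token, validate=True).decode()
        user, expiry_text, mac = raw.rsplit("%", 2)
        expiry = int(expiry_text)
    except ValueError:  # bad base64, bad UTF-8, wrong field count, non-numeric expiry
        return None
    expected = hmac.new(SHARED_KEY, f"{user}%{expiry}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # token was altered or issued under a different key
    return user if validator_clock < expiry else None

def decisions(token, true_time, clock_offsets):
    """Map each server name to True/False: does it accept the token at this real time?"""
    return {name: validate_token(token, true_time + offset) is not None
            for name, offset in clock_offsets.items()}

# Constructed scenario: token issued with a 600-second lifetime by a server whose clock is correct.
ISSUED = 1_700_000_000
OFFSETS = {"in_sync": 0, "slow_300s": -300, "fast_900s": 900}
TOKEN = issue_token("shopper1", ISSUED, 600)

if __name__ == "__main__":
    # 10 s after issue: the fast server already treats the fresh token as expired.
    print("t+10s ", decisions(TOKEN, ISSUED + 10, OFFSETS))
    # 700 s after issue: the slow server still accepts a token that expired 100 s ago.
    print("t+700s", decisions(TOKEN, ISSUED + 700, OFFSETS))
```

A server whose clock runs fast forces users to re-authenticate early, while a server whose clock runs slow extends the lifetime of every token beyond what the issuer intended.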
Related tasks
Enabling single sign-on