Single sign-on

HTTP single sign-on preserves a user's authentication across different web applications. With HTTP single sign-on, the user is not prompted multiple times for security credentials within a given trust domain.

The trust domain includes:

In a single sign-on (SSO) scenario, an HTTP cookie is used to propagate a user's authentication information to disparate Web servers, relieving the user from entering authentication information for every new client-server session (assuming basic authentication).

WebSphere Commerce generates the Lightweight Third Party Authentication (LTPA) cookie, which other WebSphere Application Server applications can then use. This enables WebSphere Commerce to be the authentication engine. A JAAS login module named WCLogin is created and used during authentication to enable WebSphere Commerce to generate the LTPA cookie.

WebSphere Commerce requires LDAP to be used as the user repository when generating the LTPA cookie to be used by other WebSphere Application Server applications.

The login module is called during the logon process, in which LogonCmd is mapped to the LTPATokenGenerationEnabledBaseAction Struts action. The action authenticates against the WCLogin JAAS login module, and the LTPA cookies are created if the user authenticates successfully.
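
A check an administrator could run against the Set-Cookie headers of a logon response to see how the LTPA cookie described above is scoped and protected. This is an added example, not WebSphere Commerce code; the cookie names LtpaToken and LtpaToken2 are the WebSphere Application Server defaults (an assumption, they are not stated on this page), and the sample headers are constructed.

```python
# Added example: audit the Set-Cookie headers of a logon response for the LTPA cookie.
# LtpaToken / LtpaToken2 are the WebSphere Application Server default cookie
# names (assumption: not stated on this page). Sample headers are constructed.
LTPA_NAMES = {"LtpaToken", "LtpaToken2"}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs-with-lowercase-keys)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit_ltpa_cookies(set_cookie_headers):
    """Return {cookie name: {'domain': ..., 'issues': [...]}} per LTPA cookie."""
    report = {}
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if name not in LTPA_NAMES:
            continue  # session cookies etc. are out of scope here
        issues = []
        if "secure" not in attrs:
            issues.append("no Secure flag: token may be sent over plain HTTP")
        if "httponly" not in attrs:
            issues.append("no HttpOnly flag: token is readable by page scripts")
        # Domain decides which servers receive the token; without it the
        # cookie is host-only and is not propagated to other servers.
        domain = attrs.get("domain") or None
        report[name] = {"domain": domain, "issues": issues}
    return report

WEAK = [  # constructed logon response headers
    "JSESSIONID=0000abc; Path=/; HttpOnly",
    "LtpaToken2=Zm9vYmFy+/8=; Path=/; Domain=.example.com",
]
HARDENED = [  # constructed
    "LtpaToken2=Zm9vYmFy+/8=; Path=/; Domain=.example.com; Secure; HttpOnly",
]

if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_ltpa_cookies(headers))
```
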

Attention: There are several key limitations of single sign-on when it is used with WebSphere Commerce. These limitations are:

