Scenario: Enabling single signon for ISV applications

 

View this information to review scenarios that illustrate typical single signon implementation situations to help you plan your own certificate implementation as part of your server security policy.

 

Situation

You are the lead application developer for an independent software vendor (ISV), and are responsible for overseeing the applications that your company develops and delivers to iSeries™ Navigator customers. You know thatiSeries Navigator provides your customers with the capability of creating and participating in a single signon environment. You want your applications to leverage these single signon capabilities because you feel it will help sell your product. You decide to market an application called Calendar to iSeries Navigator customers that use network authentication service and Enterprise Identity Mapping (EIM) to create their single signon environment. The Calendar application allows users to view and manage their workday schedule. Enabling the Calendar application for single signon requires you to include server specific code within your application which enables it to participate within a single signon environment. You have previous experience creating applications that call EIM APIs, but this will be your first time working with an application that also calls network authentication service APIs.

It is also possible to develop applications for a single signon environment that use a different authentication method. For example, you can insert the necessary code for authenticating with digital certificates, or for binding the directory server, instead of inserting the necessary code for authenticating with network authentication service.

 

Objectives

You want to be able to market your Calendar application to iSeries Navigator customers who are interested in applications that are capable of participating in a single signon environment. You want to enable the server side of the Calendar application to participate in a single signon environment. You have the following objectives, as you complete this scenario:

  • You want to change the server specific part of an existing Calendar application or develop a new Calendar application which participates in a single signon environment that uses EIM and network authentication service.

  • You want to create a single signon environment in which you can test your application.

  • You want to test your Calendar application and ensure that it successfully participates in a single signon environment.

 

Prerequisites and assumptions

Implementation of this scenario depends on the following assumptions and prerequisite conditions:

  • You want your Calendar application to participate in a single signon environment that is configured to use Kerberos and EIM.

  • You already have experience creating applications for the iSeries Navigator systems. See the Programming topic in theiSeries Navigator for information about programming for theiSeries Navigator system.

  • You have a Version 5 Release 4 (V5R4) iSeries Navigator system with the following options and licensed products installed:

  • You have configured your iSeries Navigator system to participate in a Kerberos realm.

  • You write applications in one of the following languages:

    • You use an ILE programming language, such as C, to write your applications and you are familiar with the GSS API set (see the Generic Security Service APIs).

    • You use Java™ to write your applications and you are familiar with the JGSS API set (see the IBM® Java Generic Security Service (JGSS)).

      You may also require the Java toolbox, depending on which set of JGSS APIs you use.

  • You have already completed the client-specific portion of your application, enabling it to use Kerberos authentication.

 

Configuration steps

  1. Completing the planning prerequisite worksheet
  2. Writing a new application or change an existing application
  3. Creating a single signon test environment
  4. Testing your application
  5. ISV code examples

 

Parent topic:

Single signon scenarios