ISV enablement
This information describes ISV considerations for the enablement of single signon, and how ISVs can create applications and programs that can participate in a single signon environment.
As an independent software vendor (ISV) you know that many of your customers are implementing single signon environments to take advantage of the cost and time benefits that single signon provides. You want to ensure that you design your application products to participate in single signon environments so that you can continue to provide the solutions that your customers want and need.
To enable your applications to participate in an i5/OS® single signon environment, you need to perform the following tasks:
- Enable your i5/OS server applications for EIM
- One of the foundations of a single signon environment is Enterprise Identity Mapping.
EIM is a mechanism for mapping or associating a person or entity to the appropriate user identities in various registries throughout the enterprise. Application developers for i5/OS use EIM to build applications that use one user registry for authentication and another for authorization--without requiring the user to provide another set of credentials. EIM provides APIs for creating and managing these identity mapping relationships, as well as APIs that applications use to query this information. You can write applications that use EIM APIs to perform lookup operations for user identities within an enterprise.
- Enable your i5/OS server and client applications to use a common authentication mechanism
- While you are free to choose any common authentication mechanism you want for your application's single signon environment, the i5/OS single signon environment is based on the network authentication service (Kerberos)
which provides an integrated single signon environment with Windows® 2000 domains.
If you want your applications to participate with the same secure, integrated single signon environment as i5/OS,
should choose network authentication service as the authentication mechanism for your applications. The following are examples of the different authentication methods you can choose for your applications:
- Network authentication service
-
Use the Scenario: Enable single signon for ISV applications to learn how to use EIM application programming interfaces (APIs) in conjunction with network authentication service to create applications that can fully participate in a single signon environment. This scenario includes some ISV code examples,
including pseudocode, for example pseudocode and snippets that you can use to help complete your program.
- Digital certificates
- It is possible to develop applications for a single signon environment that use digital certificates as the authentication method. To insert the necessary code into your program for authenticating with digital certificates,
use the Digital Certificate Management APIs.
- Lightweight Directory Access Protocol (LDAP)
- It is possible to develop applications for a single signon environment that use the directory server as the authentication method. To insert the necessary code into your program for authenticating with the directory server,
use the Lightweight Directory Access Protocol (LDAP) APIs.
Parent topic:
Single signon concepts