Configure single signon

With single signon support, Web users can authenticate once when accessing both WebSphere resources (such as enterprise beans, JSP files, servlets, HTML files) and Domino resources (such as documents in a Domino database), or when accessing resources in multiple WebSphere domains. This authentication is supported only when LTPA is the authentication mechanism. Single signon uses HTTP cookies to achieve this functionality.

When single signon is enabled, a cookie is created with the LTPA token in it. When the user accesses some other Web resource or Domino resource in any other WebSphere or Domino process in the same DNS domain, the cookie is sent in the request. The LTPA token is then extracted from the cookie and is validated. If the request is between different cells of WebSphere Application Servers, the LTPA keys and the user registry should be shared between the cells for single signon to work. For more information, see Prerequisites and conditions for single sign-on.

The LTPA authentication mechanism requires that single signon is enabled if any of the Web applications use form login as the authentication method.
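The cookie behavior described above can be checked before rollout. The following Python code is an added example, not part of the original documentation or any IBM code: it applies the browser's cookie domain-matching rule (RFC 6265) to report which servers would receive the LTPA token cookie and whether the cookie is missing the Secure or HttpOnly flag. The cookie name LtpaToken2, the hostnames and the header value are assumptions constructed for illustration.

```python
import ipaddress

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching, as browsers apply it."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".").rstrip(".")
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)   # IP literals never suffix-match a domain
        return False
    except ValueError:
        return host.endswith("." + domain)

def parse_set_cookie(header_value: str) -> dict:
    """Split a Set-Cookie value into name, value and lower-cased attributes."""
    first, *attrs = [p.strip() for p in header_value.split(";")]
    name, _, value = first.partition("=")
    parsed = {"name": name, "value": value, "attrs": {}}
    for attr in attrs:
        key, _, val = attr.partition("=")
        parsed["attrs"][key.strip().lower()] = val.strip()
    return parsed

def audit_sso_cookie(header_value: str, issuing_host: str, hosts: list) -> dict:
    """Report which hosts receive the token cookie and which flags are missing."""
    cookie = parse_set_cookie(header_value)
    attrs = cookie["attrs"]
    if attrs.get("domain"):
        receivers = [h for h in hosts if domain_match(h, attrs["domain"])]
    else:
        # No Domain attribute: the cookie is host-only, so no cross-server SSO.
        receivers = [h for h in hosts if h.lower() == issuing_host.lower()]
    missing = [f for f in ("secure", "httponly") if f not in attrs]
    return {"cookie": cookie["name"], "receivers": receivers,
            "missing_flags": missing}

# Constructed sample data: hostnames and token value are placeholders.
SAMPLE_HEADER = "LtpaToken2=CONSTRUCTED_TOKEN; Path=/; Domain=.example.com; HttpOnly"
SAMPLE_HOSTS = ["was1.example.com", "domino.example.com",
                "was2.other.example.net", "192.0.2.10"]

if __name__ == "__main__":
    print(audit_sso_cookie(SAMPLE_HEADER, "was1.example.com", SAMPLE_HOSTS))
```

Every host listed under receivers is sent the token on each request, so each one must be a trusted WebSphere or Domino server that shares the LTPA keys and user registry.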

Configure single signon between multiple WebSphere Application Server domains

Complete these steps to configure single signon for multiple WebSphere Application Server domains:

  1. Prerequisites and conditions for single sign-on.
  2. Configure single signon and LTPA for WebSphere Application Server.

Configure single signon between WebSphere Application Server and Lotus Domino

Complete these steps to configure single signon for WebSphere Application Server and Domino:

  1. Prerequisites and conditions for single signon.
  2. Configure single signon and LTPA for WebSphere Application Server.
  3. Configure single signon for Lotus Domino.
  4. Verify single signon between WebSphere Application Server and Lotus Domino.