E-community single signon with virtual hosts

The E-community single signon feature can be used to do single signon between multiple virtual hosts on a single WebSEAL instance.

The virtual hosts all share the configuration file in the WebSEAL instance.

To support virtual host junctions, e-community single signon provides the following configuration enhancements:

  • The [e-community-domain-keys] stanza is only appropriate for use with standard WebSEAL junctions.
    [e-community-domain-keys]

  • The [e-community-domains] stanza lists the domains supported by virtual hosts.
    [e-community-domains]

  • The [e-community-domain-keys:domain] stanzas contain the appropriate keys for each domain that is defined in the [e-community-domains] stanza.

      [e-community-domain-keys:domain]

    Example:

    • One WebSEAL instance
    • Three virtual hosts (four virtual host junctions) forming an e-community:
      www.ibm.com:80
      www.ibm.com:443
      www.lotus.com:80
      www.tivoli.com:80 
      www.ibm.com:80 and www.ibm.com:443 are a virtual host junction protocol pair. They were created with the -g virtual host junction option and therefore share the object space. They serve the single virtual host www.ibm.com.
    • MAS is the virtual host www.ibm.com

    • WebSEAL configuration file:

        [e-community-sso]
        is-master-authn-server = yes
        master-authn-server = www.ibm.com
        
        [e-community-domains]
        name = ibm.com
        name = tivoli.com
        name = lotus.com
        
        [e-community-domain-keys:ibm.com]
        ibm.com = ibm.key
        tivoli.com = ibm-tivoli.key
        lotus.com = ibm-lotus.key 
        
        [e-community-domain-keys:tivoli.com]
        tivoli.com = tivoli.key
        ibm.com = ibm-tivoli.key
        
        [e-community-domain-keys:lotus.com]
        lotus.com = lotus.key
        ibm.com = ibm-lotus.key
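
The stanza relationships above can be checked mechanically before a configuration is deployed. The following is an added example, not IBM code: `parse_stanzas` and `check_ecsso_vhost_keys` are hypothetical helper names, and the own-domain and matching-pair key checks are assumptions taken from the pattern in the example configuration.

```python
# Constructed sample: the example configuration from this page, embedded inline.
SAMPLE_CONF = """\
[e-community-sso]
is-master-authn-server = yes
master-authn-server = www.ibm.com
[e-community-domains]
name = ibm.com
name = tivoli.com
name = lotus.com
[e-community-domain-keys:ibm.com]
ibm.com = ibm.key
tivoli.com = ibm-tivoli.key
lotus.com = ibm-lotus.key
[e-community-domain-keys:tivoli.com]
tivoli.com = tivoli.key
ibm.com = ibm-tivoli.key
[e-community-domain-keys:lotus.com]
lotus.com = lotus.key
ibm.com = ibm-lotus.key
"""

def parse_stanzas(text):
    """Return {stanza: [(key, value), ...]}; repeated keys such as 'name' are kept."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], [])
        elif current is not None and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return stanzas

def check_ecsso_vhost_keys(text):
    """Return a list of findings; an empty list means the stanzas are consistent."""
    stanzas = parse_stanzas(text)
    domains = [v for k, v in stanzas.get("e-community-domains", []) if k == "name"]
    keys = {d: dict(stanzas.get(f"e-community-domain-keys:{d}", [])) for d in domains}
    findings = []
    for d in domains:
        if f"e-community-domain-keys:{d}" not in stanzas:
            findings.append(f"no [e-community-domain-keys:{d}] stanza")
        elif d not in keys[d]:  # assumption: each stanza carries its own domain's key
            findings.append(f"[e-community-domain-keys:{d}] has no key for {d}")
        for peer, keyfile in keys[d].items():  # assumption: both sides name one file
            if peer != d and peer in keys and keys[peer].get(d) != keyfile:
                findings.append(f"{d} -> {peer} uses {keyfile}, {peer} -> {d} uses {keys[peer].get(d)}")
    return findings
```
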
