Forms single sign-on concepts
Forms single sign-on authentication supports existing applications that use HTML forms for authentication. It cannot be modified to directly trust the authentication that is done by WebSEAL.
Enable forms single sign-on authentication produces the following results:
- WebSEAL interrupts the authentication process that is initiated by the back-end application
- WebSEAL supplies data required by the login form and submits the login form on behalf of the user.
- WebSEAL saves and restores all cookies and headers
- The user is unaware that a second login is taking place.
- The back-end application is unaware the login form is not coming directly from the user.
- If the credential learning function is enabled, WebSEAL can learn the user name and password information so that future requests to the same junctioned resource does not prompt the user for authentication.
Configure WebSEAL:
- To recognize and intercept the login form
- To complete the appropriate authentication data
The administrator enables forms single signon by:
- Create a configuration file to specify how the login form is to be recognized, completed, and processed
- Enable forms single signon by configuring the appropriate junction with the -S option (which specifies the location of the configuration file)
- Forms single sign-on process flow
Learn about the single sign-on process so that we understand how a client browser accesses a resource.- Forms single sign-on learning flow
We can configure WebSEAL to learn our user name and password information so that future requests to the same junctioned resource will not prompt you for authentication.- Requirements for application support
Single signon for forms authentication is supported on applications that meet the specific requirements.- Creation of the configuration file for forms single signon
The forms single signon configuration file is custom-created by the administrator and saved in any location.
Parent topic: Single Sign-on Solutions