GSO embedded storage

GSO data can be stored in the ISAM user registry and provided to WebSEAL through its LDAP service. GSO resources and GSO resource groups must first be created with the Web Portal Manager or pdadmin utility.

1. The client authenticates to WebSEAL with a request for access to an application resource on a back-end server. A ISAM identity is obtained. The single signon process is independent of the initial authentication method.

2. WebSEAL passes the ISAM identity to the user registry server.

3. The registry returns a user name and password appropriate for the user and the requested application resource.

4. WebSEAL inserts the user name and password information in the HTTP BA header of the request or FSSO forms data. That request is sent across the junction to the back-end server.

Parent topic: Global sign-on overview