Global sign-on overview

Global sign-on (GSO) grants users access to the computing resources they are authorized to use through a single login. GSO is designed for large enterprises that consist of multiple systems and applications within heterogeneous, distributed computing environments. GSO eliminates the need for users to manage multiple user names and passwords. The integration is achieved by creating "aware" junctions between WebSEAL and back-end web servers.

The GSO data can be stored in either the ISAM user registry or an external source that WebSEAL communicates with through a RESTful web service. The web service must be accessed through a junction local to the WebSEAL instance. This setup allows all of the advanced junctioning capabilities (for example, HA, failover, and SSO) to be used on these web service requests.

For security purposes, this junction must be set up to prevent external access. This can be achieved by changing the ACL so that no user has read permission on this web service. When WebSEAL sends the GSO RESTful web service request through the junction, it automatically bypasses the policy definition for the junction.
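One way to verify the "no user has read permission" lock-down described above, as an added example that is not part of the original documentation: the Python script below scans a textual ACL dump for any entry that still grants read (r). The dump layout, the ACL name gso-ws-acl and both sample dumps are constructed assumptions.

```python
# Added example: audit an ACL dump for entries that still grant read ("r").
# Assumption: each entry reads "<Type> [name] <permission-letters>", as in the
# constructed samples below; adapt parse_entries() if your dump differs.
# Letters belonging to custom action groups are not treated separately.

NAMED_TYPES = {"user", "group"}                    # followed by a name
UNNAMED_TYPES = {"any-other", "unauthenticated"}   # no name column

# Constructed sample: read is still granted to sec_master and any-other.
WEAK_ACL = """ACL Name: gso-ws-acl
Entries:
    User sec_master TcmdbsvaBRrl
    Group iv-admin TcmdbsvaBRl
    Any-other Tr
    Unauthenticated T
"""

# Constructed sample: no entry carries lowercase "r".
HARDENED_ACL = """ACL Name: gso-ws-acl
Entries:
    User sec_master TcmdbsvaBRl
    Group iv-admin TcmdbsvaBRl
    Any-other T
    Unauthenticated T
"""

def parse_entries(acl_text):
    """Return (entry_type, name, permissions) tuples; header lines are skipped."""
    entries = []
    for line in acl_text.splitlines():
        tokens = line.split()
        kind = tokens[0].lower() if tokens else ""
        if kind in NAMED_TYPES and len(tokens) >= 2:
            entries.append((kind, tokens[1], tokens[2] if len(tokens) > 2 else ""))
        elif kind in UNNAMED_TYPES:
            entries.append((kind, "", tokens[1] if len(tokens) > 1 else ""))
    return entries

def entries_granting_read(acl_text):
    """Case-sensitive on purpose: "r" is read, "R" is a different permission."""
    return [(k, n) for k, n, perms in parse_entries(acl_text) if "r" in perms]

def is_locked_down(acl_text):
    """True only if the dump has entries and none of them grants read."""
    return bool(parse_entries(acl_text)) and not entries_granting_read(acl_text)

if __name__ == "__main__":
    for label, dump in (("weak", WEAK_ACL), ("hardened", HARDENED_ACL)):
        print(label, "locked down:", is_locked_down(dump), entries_granting_read(dump))
```

An empty or unparseable dump is reported as not locked down, so a failed export cannot pass the check silently.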

When WebSEAL receives a request for a resource that resides on a junctioned server configured to require GSO credential information, it attempts to locate the credential information from the ISAM user registry or the external GSO data source.
