+

Search Tips   |   Advanced Search

Plan for single sign-on


Single sign-on authenticates a user once, and uses that authentication, for the duration of a session, to access other applications, systems, and networks.

There are two single sign-on realms...

client ==> portal Established using LTPA tokens or an Authentication Proxy.
portal ==> backend Established using LTPA tokens if the backend application accepts them through the Credential Vault or the Java Connector architecture.


WebSphere Portal and Java Authentication and Authorization Services

Single sign-on uses only the authentication portion of JAAS. WebSphere Portal builds a JAAS Subject for each logged on user. The Subject consists of Principals and Credentials. A Principal is a piece of data, such as the user ID or the distinguished name that gives the Subject's identity. A Credential is a piece of data, such as a password or a CORBA Credential used to authenticate a subject. The Subject carries around the Principals and Credentials that the portlet can use directly or through the credential service.


Parent: Security and authentication considerations
Related: Authentication Federal Information Processing Standards
Secure communications using SSL
Credential Vault
Caching considerations
LTPA