Secure the WSRP Consumer using HTTP-cookie-based single sign-on
We can configure the WSRP Consumer to use HTTP-cookie-based single sign-on. For this option, configure the WSRP Consumer to send or forward LTPA V2 single sign-on cookies as part of the WSRP request message to the WSRP Producer.
The single sign-on cookie represents a security credential that both the WSRP Consumer and the WSRP Producer understand. The WSRP Producer receives the cookie and establishes the corresponding security context for the user on the Producer side. To use HTTP-cookie-based single sign-on, the WSRP Consumer must not use Web Services Security with the Producer definition.
To configure single sign-on between the WSRP Consumer and the WSRP Producer, the following requirements must be met:
- The WSRP Consumer and the WSRP Producer must be configured to use a shared user registry.
- The LTPA keys must be exchanged between WSRP Consumer and WSRP Producer.
Configure the WSRP Consumer for HTTP-cookie-based single sign-on
For cookie forwarding of the LTPA v2 cookie, follow the description given in Customize client cookie forwarding. Create a cookie forwarding rule for the cookie named LtpaToken2. To include the Producer host and the hosts of all resources that are linked by the remote portlets, choose the hostdomainname parameter.
The following example properties contain cookie forwarding rules for using HTTP-cookie-based single sign-on:
- wsrp.consumer.cookieforward.LtpaToken2 = alpha.domain.com
  wsrp.consumer.cookieforward.LtpaToken = alpha.domain.com
  With these settings, the WSRP Consumer forwards the LTPA v1 and LTPA v2 cookies that it received from the clients to the Producers and resources on host alpha.domain.com.
- wsrp.consumer.cookieforward.LtpaToken2 = .domain1.com,.domain2.com
  With this setting, the WSRP Consumer forwards the LTPA v2 cookie that it received from the clients to all Producers and resources on hosts in the domains domain1.com and domain2.com.
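The host form and the domain form of the rule shown above, modelled as an added example (not code from the portal or from this documentation): it parses the wsrp.consumer.cookieforward.* properties, reports which cookies would be forwarded to a given host, and lists the rules that are domain-wide. The matching logic is an assumption based on the descriptions above (a value with a leading dot matches any host name ending in that suffix, any other value matches that host name only), and the function names are hypothetical.

```python
# Added example: models the forwarding rules as this page describes them.
# The matching semantics are an assumption, not the portal's implementation.
PREFIX = "wsrp.consumer.cookieforward."

# Constructed sample input built from the example properties on this page.
SAMPLE_PROPERTIES = """\
# WSRP Consumer cookie forwarding rules
wsrp.consumer.cookieforward.LtpaToken2 = .domain1.com,.domain2.com
wsrp.consumer.cookieforward.LtpaToken = alpha.domain.com
"""


def parse_rules(text):
    """Return {cookie_name: [target, ...]} for each cookie forwarding property."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith(PREFIX):
            targets = [t.strip().lower() for t in value.split(",") if t.strip()]
            rules[key[len(PREFIX):]] = targets
    return rules


def target_matches(target, host):
    """Leading dot: domain suffix match (assumed). Otherwise: exact host match."""
    host = host.lower().rstrip(".")
    if target.startswith("."):
        return host.endswith(target)
    return host == target


def cookies_forwarded_to(rules, host):
    """Names of the cookies the Consumer would forward to this host."""
    return sorted(name for name, targets in rules.items()
                  if any(target_matches(t, host) for t in targets))


def domain_wide_rules(rules):
    """Rules that send a credential cookie to every host in a domain."""
    return {name: [t for t in targets if t.startswith(".")]
            for name, targets in rules.items()
            if any(t.startswith(".") for t in targets)}


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_PROPERTIES)
    for h in ("producer.domain1.com", "alpha.domain.com", "beta.domain.com"):
        print(h, "->", cookies_forwarded_to(parsed, h))
    print("domain-wide:", domain_wide_rules(parsed))
```

Domain-wide rules are the ones to review first, because every Producer and resource host in the listed domain receives the user's LTPA credential.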
Related:
Secure the WSRP Producer by HTTP-cookie-based single sign-on
Customize Client Cookie Forwarding