Single sign-on (SSO) and WebSphere Commerce Portal
When integrating with WebSphere Portal, you can choose from several types of authentication.
Single sign-on provides a secure method of authenticating a user within an environment then using that authentication (for the duration of the session) as a basis to access other applications, systems, and networks.
WebSphere Portal server authenticates the user, and the credentials are passed into WebSphere Commerce. These credentials map the WebSphere Portal user to an appropriate WebSphere Commerce user in the member subsystem. This mapping of credentials achieves the single sign-on experience.
WebSphere Portal server performs some static content authorization, such as page and portlet access permissions. However, all WebSphere Commerce specific authorization, such as fine-grained (content-level) access control, is still performed by the WebSphere Commerce Server and not on the WebSphere Portal server side.
Runtime and development environment configurations
Note: Basic Authentication has been deprecated in WebSphere Commerce integration with WebSphere Portal. It is strongly recommended to migrate to the suggested LTPA configuration.
See Configure WebSphere Portal with WebSphere Commerce for more information.
Runtime configurations
| Runtime Authentication Options | WebSphere Portal | VMM | WebSphere Commerce |
| --- | --- | --- | --- |
| LTPA (default) | Administrative security and Application security enabled | Federated user repository with LDAP | Administrative security enabled |
| Basic Authentication | Administrative security and Application security enabled | Federated user repository with LDAP | Administrative security enabled |
Development environment configurations
| Development Environment Authentication Options | WebSphere Portal | VMM | WebSphere Commerce |
| --- | --- | --- | --- |
| Simulated SSO (default) | Administrative security and Application security enabled | Not required | Security disabled |
| Basic Authentication | Administrative security and Application security enabled | Federated user repository with LDAP | Administrative security enabled |
| LTPA | Administrative security and Application security enabled | Federated user repository with LDAP | Administrative security enabled |
WebSphere Portal always has security enabled by default. This configuration setting, however, should not affect which level of security WebSphere Commerce has enabled: administrative, application, or both.
Single sign-on authentication types
WebSphere Commerce and WebSphere Portal integration requires that you choose an authentication type. In a development environment, sharing a user repository between WebSphere Commerce and WebSphere Portal is typically not a main concern during code development.
To avoid configuring a common user repository while developing code, the simulated single sign-on authentication option can be used.
The WebSphere Commerce Server production environment must use the LTPA authentication/single sign-on method.
Lightweight third party authentication (LTPA)
Using LTPA is the recommended approach for the production environment. This option requires WAS administrative security to be enabled on both the WebSphere Commerce server and the WebSphere Portal server. Enabling application security on the WebSphere Commerce server incurs a performance penalty, so it is recommended that the WebSphere Commerce server not run with application-level security enabled. LTPA is the most secure way to deploy the portlet in the production environment. Because the LTPA token is used, single sign-on is handled automatically by WAS.
Simulated Single Sign-On (Simulated SSO)
Simulated Single Sign-On (Simulated SSO) is used for ease of setup in the development environment in RAD, where the portlet developer can be set up and running without enabling security and without using LDAP. Because security in a development environment is not a major concern, the developer can be set up and running as quickly as possible. This option uses a predetermined WebSphere Commerce user ID, and the system automatically uses that credential to authenticate through a WebSphere Commerce web service, without the WebSphere Portal user being aware of the operation. This achieves the single sign-on experience inside the development environment without the complexity of enabling security and configuring VMM and LDAP.
Basic Authentication (BA)
Basic Authentication has been deprecated in WebSphere Commerce integration with WebSphere Portal. It is strongly recommended to migrate to the suggested LTPA configuration.
See Configure WebSphere Portal with WebSphere Commerce for more information.
Basic Authentication is the alternative single sign-on configuration that does not require enabling security on the WebSphere Commerce server, and can therefore avoid the performance degradation. This option is intended only for backward compatibility. The recommended SSO configuration for the runtime environment is LTPA. Note that a logon module must be installed on the WebSphere Portal server to capture the user credentials at the time of signing on to the WebSphere Portal server.
- Lightweight Third Party authentication
Using Lightweight Third Party Authentication is the recommended approach for the production environment. This option requires global security to be enabled on both the WebSphere Commerce Server and the WebSphere Portal server. An LTPA token is used here and single sign-on is automatically handled by the WebSphere Application Server.
- Simulated single sign-on
Simulated single sign-on is provided for ease of setup in Rational Application Developer where the portlet developer can be up and running without enabling security and without using LDAP. Speed of setup takes precedence over security in a development environment.
- Basic authentication
Basic authentication is an authentication method that is designed to allow client programs to provide credentials, in the form of a user name and password, when making a request. Although the scheme is implemented, it relies on the assumption that the connection between the client and server computers is secure and can be trusted. Specifically, the credentials are passed as plain text and could be intercepted.
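The plain-text risk described for basic authentication can be checked directly: the Authorization header is only Base64-encoded, so anyone who can read the traffic recovers the user name and password. The following added example (not part of the original IBM documentation) audits request metadata and flags Basic credentials sent without TLS; the sample requests, paths and user names are constructed.

```python
import base64
import binascii

# Constructed sample data: (transport scheme, path, Authorization header value).
SAMPLE_REQUESTS = [
    ("http", "/portal/login", "Basic " + base64.b64encode(b"alice:example-pw").decode()),
    ("https", "/portal/login", "Basic " + base64.b64encode(b"shopper1:pa:ss").decode()),
    ("http", "/portal/home", "Bearer opaque-token-value"),
    ("http", "/portal/login", "Basic not*base64"),
    ("https", "/portal/home", None),
]


def parse_basic(header):
    """Return (user, password) if the header carries Basic credentials, else None."""
    if not header:
        return None
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed header: not usable credentials
    # Only the first colon separates user from password; passwords may contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def audit(requests):
    """Flag requests carrying Basic credentials; HIGH when the transport is not TLS."""
    findings = []
    for transport, path, header in requests:
        creds = parse_basic(header)
        if creds is None:
            continue
        user, password = creds
        findings.append({
            "path": path,
            "transport": transport,
            "user": user,
            "pw_len": len(password),  # record the length only, never the secret
            "severity": "HIGH" if transport != "https" else "INFO",
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS):
        print(finding)
```

No key or secret is needed to recover the credentials, which is why the scheme depends entirely on the transport being trusted.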
Related concepts
WebSphere Commerce integration with WebSphere Portal
Maintain the WebSphere Commerce portlet application
WebSphere Commerce Portal Integration site architecture
Related tasks
Configure WebSphere Portal with WebSphere Commerce
Configure basic authentication for WebSphere Commerce
Configure basic authentication for WebSphere Portal
Configure WebSphere Portal with WebSphere Commerce using basic authentication
Configure WebSphere Portal with WebSphere Commerce using simulated single sign-on
Enable WebSphere Portal security with a LDAP user registry
Configure simulated single sign-on for WebSphere Portal
Related reference
WebSphere Portal integration prerequisites
WebSphere Portal integration prerequisites for the WebSphere Commerce machine
WebSphere Portal integration prerequisites for the WebSphere Portal machine