Lightweight Third Party Authentication
Lightweight Third Party Authentication (LTPA) is the recommended approach for the production environment. This option requires global security to be enabled on both the WebSphere Commerce Server and the WebSphere Portal server. An LTPA token is used, and single sign-on is handled automatically by the WebSphere Application Server.
The LTPA token is stored as a Java Authentication and Authorization Service (JAAS) subject pair of the active credential object. Refer to Java Authentication and Authorization Service (JAAS) for more information. Both the source server (such as the WebSphere Portal server, where the LTPA token is generated) and the target server (such as WebSphere Commerce, where the LTPA token is validated) must have WebSphere Application Server global security enabled. WebSphere Application Server provides a cache timeout for LTPA tokens, so that subsequent validation of the same request may be skipped and the result loaded from the security cache instead.
Lightweight Third Party Authentication in a production environment
Using LTPA is the recommended approach for a production environment. This option requires global security to be enabled on both the Commerce server and the Portal server. Because an LTPA token is used here, single sign-on is automatically handled by WAS.
It typically requires:
- Web server for Portal server
- Portal server
- Global security enabled for the Portal server with LDAP as the user registry and LTPA as the authentication mechanism.
- Web server for Commerce server
- Commerce server
- Global security enabled for the Commerce server with LDAP as the user registry and LTPA as the authentication mechanism.
- LDAP server is shared by the Portal and Commerce servers
- Portal and Commerce servers share the same SSO domain name.
- Portal and Commerce servers share the same LTPA key file and password.
The Portal server communicates with the Commerce Web server for Commerce Web services. For non-secure communication, port 80 is used. For secure communication, the Commerce tools port (typically port 8000) is used.
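The requirement that the Portal and Commerce servers share the same LTPA key file can be checked by comparing the copy held for each server entry by entry, as in this added example (not IBM's code). It assumes the key file is a Java-properties export with com.ibm.websphere.ltpa.* entries; `compare_key_files` is a hypothetical helper and the sample contents are constructed.

```python
import re

# Entry names assumed from the Java-properties layout of an exported LTPA key file.
COMPARED = (
    "com.ibm.websphere.ltpa.version",
    "com.ibm.websphere.ltpa.Realm",
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)

def parse_key_file(text):
    """Parse Java-properties text into a dict, undoing backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or properties comment
        key, sep, value = line.partition("=")
        if sep:
            # Values escape '=' and ':' (base64 padding appears as '\=').
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def compare_key_files(portal_text, commerce_text):
    """Return {entry: 'missing' | 'differs'} for entries that do not match."""
    portal, commerce = parse_key_file(portal_text), parse_key_file(commerce_text)
    problems = {}
    for name in COMPARED:
        a, b = portal.get(name), commerce.get(name)
        if a is None or b is None:
            problems[name] = "missing"
        elif a != b:
            problems[name] = "differs"
    return problems

# Constructed sample contents, not a real key file.
PORTAL_SAMPLE = """# constructed sample
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.Realm=ldap.example.com\\:389
com.ibm.websphere.ltpa.3DESKey=Q09OU1RSVUNURUQtM0RFUw\\=\\=
com.ibm.websphere.ltpa.PrivateKey=Q09OU1RSVUNURUQtUFJJVg\\=\\=
com.ibm.websphere.ltpa.PublicKey=Q09OU1RSVUNURUQtUFVC
"""
COMMERCE_SAMPLE = PORTAL_SAMPLE.replace("ldap.example.com", "ldap2.example.com")

if __name__ == "__main__":
    # Only entry names and status are reported, never the key material itself.
    for name, status in compare_key_files(PORTAL_SAMPLE, COMMERCE_SAMPLE).items():
        print(name, status)
```

An empty result means the compared entries are identical in both copies; it does not confirm that both servers were given the same key file password.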
Lightweight Third Party Authentication in a test environment
LTPA is another possible SSO mechanism in a test environment. This option requires global security to be enabled in both the Commerce test environment and the Portal test environment. Because an LTPA token is used here, single sign-on is automatically handled by WAS.
It typically requires:
- Portal test environment in RAD 7.5
- Global security enabled in the Portal test environment with LDAP as the user registry and LTPA as the authentication mechanism.
- Commerce test environment in RAD 7.5
- Global security enabled for the Commerce test environment with LDAP as the user registry and LTPA as the authentication mechanism.
- LDAP server is shared by the Portal and Commerce test environments
- Portal and Commerce test environments share the same SSO domain name.
- Portal and Commerce test environments share the same LTPA key file and password.
The Portal test environment communicates with the Commerce test environment through the non-secure port only (port 80).