Plan for single sign-on
Single sign-on provides a secure method of authenticating a user one time within an environment and using that authentication (for the duration of the session) to access other applications, systems, and networks. In the context of IBM WebSphere Portal, there are two single sign-on realms:
- From the client to the portal and other web applications
- From the portal to the backend applications
Single sign-on for the client realm is established using:
- LTPA token functionality
- Authentication Proxy
The LTPA token can also establish backend single sign-on if the backend application accepts it through:
- Credential Vault portlet
- Java Connector architecture
WebSphere Portal and JAAS
Single sign-on uses only the authentication portion of Java Authentication and Authorization Services (JAAS), building a JAAS Subject for each logged-on user. The Subject consists of Principals and Credentials.
- A Principal is a piece of data, such as the user ID or the distinguished name, that gives the Subject's identity.
- A Credential is a piece of data, such as a password or a CORBA Credential, that can be used to authenticate a Subject.
The Subject carries around the Principals and Credentials that the portlet can use directly or through the credential service.
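The Subject structure described above, shown with the standard javax.security.auth API. This is an added example, not IBM or WebSphere Portal code; the class names UserIdPrincipal and PasswordCred, the user jdoe, the distinguished name and the password are hypothetical, constructed values, and the portal's credential service is not used here.

```java
import java.security.Principal;
import java.util.Arrays;
import javax.security.auth.Destroyable;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
public class SubjectDemo {
    // Hypothetical Principal carrying the short user ID (identity, not a secret).
    static final class UserIdPrincipal implements Principal {
        private final String name;
        UserIdPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Hypothetical private Credential: a password that can be wiped from memory.
    static final class PasswordCred implements Destroyable {
        private final char[] secret;
        private boolean destroyed;
        PasswordCred(char[] secret) { this.secret = secret.clone(); }
        char[] copy() {
            if (destroyed) throw new IllegalStateException("credential destroyed");
            return secret.clone();
        }
        @Override public void destroy() { Arrays.fill(secret, '\0'); destroyed = true; }
        @Override public boolean isDestroyed() { return destroyed; }
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        // Two Principals for one user: the user ID and the distinguished name.
        subject.getPrincipals().add(new UserIdPrincipal("jdoe"));
        subject.getPrincipals().add(new X500Principal("CN=jdoe,OU=people,DC=example,DC=com"));
        // Secrets go in the private credential set, never in the Principals.
        subject.getPrivateCredentials().add(new PasswordCred("constructed-secret".toCharArray()));
        subject.setReadOnly(); // freeze the identity once authentication is complete
        for (Principal p : subject.getPrincipals()) {
            System.out.println(p.getClass().getSimpleName() + ": " + p.getName());
        }
        // A consumer asks for credentials by type, uses a copy, then wipes it.
        for (PasswordCred c : subject.getPrivateCredentials(PasswordCred.class)) {
            char[] pw = c.copy();
            System.out.println("credential length: " + pw.length);
            Arrays.fill(pw, '\0');
            c.destroy(); // destroying is still allowed on a read-only Subject
            System.out.println("destroyed: " + c.isDestroyed());
        }
        // A read-only Subject rejects later changes to its Principal set.
        try { subject.getPrincipals().add(new UserIdPrincipal("other")); }
        catch (IllegalStateException e) { System.out.println("read-only Subject rejected change"); }
    }
}
```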