What is Single Sign-On (SSO)? How does Portal support this feature?


The goal of single sign-on is to provide a secure method of authenticating a user one time within an environment and using that single authentication (for the duration of the session) as a basis for access to other applications, systems, and networks.

There are two single sign-on realms: the realm from the client to the portal and other web applications, and the realm from the portal to the back-end applications.

Single sign-on for the client realm is established either via the Lightweight Third Party Authentication (LTPA) token or via an Authentication Proxy. Back-end single sign-on can be established with the LTPA token functionality if accepted by the back-end application either via the Credential Vault Portlet Service or the Java Connector Architecture.

The Credential Vault provides a mechanism that assists a portlet in retrieving one of several representations of a user's authenticated identity, which the portlet can then pass to a back-end application. Using single sign-on, a user can authenticate once when logging in to Portal, and the user's identity is passed on to applications without requiring additional identity verification from the user.

The Credential Vault features two levels of single sign-on:

Active Credentials: Encapsulates the functionality of single sign-on for the portlet writer in an object provided by the Service.
Passive Credentials: More flexible, but requires portlet writers to manage their own connections and authentication to back-end applications with the credentials (i.e., user ID and password) they retrieved from the Credential Vault.
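
The difference between the two levels, sketched as an added example (not code from the original post and not the WebSphere Portal API): every class and method name, the in-memory vault, the slot name, the back-end URL and the use of HTTP Basic authentication are assumptions made for illustration.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;

// Hypothetical model of the two credential levels; NOT the WebSphere Portal API.
public class CredentialLevelsDemo {
    // Constructed sample vault: slot name -> {user ID, password}.
    static final Map<String, String[]> VAULT =
        Map.of("hr-backend", new String[] {"jdoe", "constructed-sample-pw"});

    // Assumption: the back end accepts HTTP Basic authentication.
    static HttpRequest basicAuthRequest(URI target, String user, char[] password) {
        byte[] raw = (user + ":" + new String(password)).getBytes(StandardCharsets.UTF_8);
        return HttpRequest.newBuilder(target)
            .header("Authorization", "Basic " + Base64.getEncoder().encodeToString(raw))
            .build();
    }

    // Passive level: the vault hands the user ID and password to the portlet.
    record PassiveCredential(String userId, char[] password) {}

    static PassiveCredential passive(String slot) {
        String[] entry = VAULT.get(slot);
        return new PassiveCredential(entry[0], entry[1].toCharArray());
    }

    // Active level: the object authenticates on the portlet's behalf and
    // exposes no accessor for the secret.
    static final class ActiveCredential {
        private final String slot;
        ActiveCredential(String slot) { this.slot = slot; }
        HttpRequest authenticatedRequest(URI target) {
            String[] entry = VAULT.get(slot);
            return basicAuthRequest(target, entry[0], entry[1].toCharArray());
        }
    }

    public static void main(String[] args) {
        URI backend = URI.create("https://backend.example/api"); // placeholder URL
        // Passive: portlet code holds the secret, builds the request, and must clear it.
        PassiveCredential pc = passive("hr-backend");
        HttpRequest viaPassive = basicAuthRequest(backend, pc.userId(), pc.password());
        Arrays.fill(pc.password(), '\0');
        // Active: one call; the password never appears in portlet code.
        HttpRequest viaActive = new ActiveCredential("hr-backend").authenticatedRequest(backend);
        System.out.println("same Authorization header: "
            + viaPassive.headers().firstValue("Authorization")
                .equals(viaActive.headers().firstValue("Authorization")));
    }
}
```

With the passive level, every portlet that retrieves a credential becomes a place where the password can be logged, cached or leaked, so the added flexibility widens the code that has to be reviewed.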

© 2011-2019 Web Portal Club