IBM BS029ML Self Help Guide - Page 52
Single Sign-On (SSO), Out-of-the-box SSO with WebSphere Portal Server
External Security Managers also address much larger problems, such as enterprise SSO (Single Sign-On), complex authentication, and centralized authorization.

2.6.3 Single Sign-On (SSO)

Single Sign-On (SSO) is the term used to describe a system or mechanism where users need to undergo a minimum number of explicit authentication steps in order to be given access to multiple systems or services. SSO enhances user convenience by automating access to all authorized servers and services through a single authentication process. This capability eliminates the need to remember multiple sign-on processes, user IDs, or passwords. Moreover, by this single action, user authentication errors are reduced.

The purpose of SSO is to:

- Provide an SSO capability for all Web-based applications. A user should only need to log in one time to one entity to obtain access to all authorized applications and content, which may reside on various servers.
- Provide a centralized point of authentication, generating a valid credential (ticket, cookie, and so on).
- Remove the need for application developers to specifically authenticate users within their application code. The intricacies of security can be abstracted from such applications.
- Provide a cross-platform security solution. Experience has shown that there is a need to maintain operating system independence for Web-based application security.
- Provide the ability to control access to Web applications and content, which may be hosted through multiple Web servers, at the URL level.
- Provide the ability to make fine-grained authorization decisions within applications. While this is not an immediate deployment requirement, the solution must allow for this capability to be added.
- Support browser-based access to applications from both customers and employees. From their desks, internal users may access both internet-hosted applications and internal applications. At this time, there is no requirement for employees to have access to internal applications from the internet.

What SSO is not:

- An Identity Management Solution.
- A Federated Identity Management Solution.

Out-of-the-box SSO with WebSphere Portal Server

WebSphere Portal Server, or rather the underlying WebSphere Application Server instance, provides SSO functionality out-of-the-box. However, it is important to understand the capabilities and constraints associated with such a deployment: the out-of-the-box SSO functionality may be insufficient for some enterprise-wide implementations, while in other cases the adoption of an External Security Manager may simply be overkill.

Key points to note about the out-of-the-box SSO provided with WebSphere Portal Server are:

- SSO is based on the Lightweight Third-Party Authentication (LTPA) token, which is an IBM proprietary standard. It is suitable for achieving SSO between WebSphere and Domino-based products only.

38 IBM WebSphere Portal V6 Self Help Guide