Configuring Single Sign-On

Security Deployment of Common Authentication: Single Sign-On

A user who needs access to multiple secured applications is frequently prompted for a user ID and password to run each application. In certain cases, this means entering as many user IDs and passwords as there are applications.

A WebSphere feature called Single Sign-On (SSO) provides a way to sign on once and guarantees authentication on a WebSphere Application Server. How the WebSphere server is secured is up to the WebSphere administrator to define: it can be an LDAP authentication method or an operating system method. Single Sign-On provides a single platform to authenticate users for all PLM Hubs.

Applications frequently need to access external systems and authenticate their users on these systems. The data allowing the connection are called credentials. The common SSO component provides a single way to define those credential sets and provides a web-based SSO Administration console to enable administrators to create a credential set for all their users. An administrator is responsible for creating users and their associated credential sets using the SSOAdminConsole application.

There can be only one credential set definition per external system. An administrator can define multiple instances of those credential sets. An instance can only be used by the user that owns it.

Once the credential set has been created, end users only have to use one username and password whenever they access applications. The username and password will typically be their LDAP username and password if an LDAP server has been implemented.

Note: SSO is NOT supported on HP-UX.

Configuring Single Sign-On involves the following three steps:

Configuring Credential Sets for Single Sign-On
Activating Single Sign-On