Administrator

Single Sign-On

Single sign-on (SSO) is token-based authentication in which an SSO token is passed in an HTTP header or cookie.

SSO enables users to access multiple, secure, independent systems by logging in once. Token-based authentication uses values from HTTP headers, cookies, or other tokens to authenticate users against their single sign-on systems.

You can configure single sign-on access to back-end resources using any of the following combinations of authentication providers and credential providers:
Table 50: Single Sign-On Options
SSO Mechanism Authentication Provider Credential Provider
Kerberos
  • HTTP
  • System Only
  • LDAP
  • SAML
  • X.509
Kerberos
Technical user (basic)

The user name and password that you configure for the endpoint are used to authenticate to the back end.

Any Any
X.509
  • HTTP
  • System Only
  • SAML
  • LDAP
Principal Propagation
X.509 X.509 Any except Principal Propagation
SSO2 HTTP and optionally, Populate JAAS subject from client N/A
Basic
  • HTTP
  • System Only
  • LDAP
N/A
Technical user (X.509)

The X.509 certificate that you configure using the alias in the endpoint is used to authenticate the back end.

Any Any
Custom cookies and headers Any Any