Logon tickets represent the user's credentials. The portal server issues a logon ticket to a user after successful initial authentication. The logon ticket is stored as a cookie on the client and is sent with each request from that client. It can then be used to authenticate the portal user to external applications without further user logons.
You can use this section for portal-specific configuration to enable SSO with logon tickets.
Logon tickets contain information about the authenticated user. They do not contain any passwords. Specifically, logon tickets contain the following items:
Portal user ID and one mapped user ID for SSO access with user mapping
Authentication scheme
Validity period
Information identifying the issuing system
Digital signature
When using logon tickets, one system must be the ticket-issuing system. This can either be the portal or another system. We recommend using the portal as the ticket-issuing system, since the portal can be a user's single point of access to all applications.
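The sketch below is an added example, not SAP code and not the real logon ticket format. It shows why a ticket carries a validity period, issuer information and a digital signature, by running the checks an accepting system would make. The JSON encoding, the Ed25519 signature, the field names and the issuer ID `PORTAL-01` are assumptions made for illustration.

```javascript
// Added illustration: a simplified ticket model, not SAP's actual ticket format.
const crypto = require('crypto');

// Constructed key pair for the ticket-issuing system (Ed25519 is an assumption).
const issuer = crypto.generateKeyPairSync('ed25519');
// Accepting system's trust list: issuing-system ID -> public key (hypothetical ID).
const TRUSTED_ISSUERS = new Map([['PORTAL-01', issuer.publicKey]]);

// Issuing side: serialize the ticket items and sign them.
function issueTicket(fields, privateKey) {
  const body = Buffer.from(JSON.stringify(fields)).toString('base64');
  const sig = crypto.sign(null, Buffer.from(body), privateKey).toString('base64');
  return `${body}.${sig}`;
}

// Accepting side: returns { ok, reason } or { ok, fields }.
function verifyTicket(ticket, nowMs = Date.now()) {
  const parts = String(ticket).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  let fields;
  try {
    fields = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (fields === null || typeof fields !== 'object') return { ok: false, reason: 'malformed' };
  // The issuer field only selects a key; trust comes from the signature check.
  const key = TRUSTED_ISSUERS.get(fields.issuer);
  if (!key) return { ok: false, reason: 'untrusted issuer' };
  const sig = Buffer.from(parts[1], 'base64');
  if (!crypto.verify(null, Buffer.from(parts[0]), key, sig)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Fails closed: a missing (undefined) bound makes the comparison false.
  if (!(nowMs >= fields.notBefore && nowMs < fields.notAfter)) {
    return { ok: false, reason: 'outside validity period' };
  }
  return { ok: true, fields };
}

// Constructed sample ticket carrying the five items, valid for eight hours.
function sampleTicket(issuedAtMs) {
  return issueTicket({
    portalUser: 'jdoe', mappedUser: 'JDOE01', authScheme: 'uidpwdlogon',
    notBefore: issuedAtMs, notAfter: issuedAtMs + 8 * 3600 * 1000, issuer: 'PORTAL-01',
  }, issuer.privateKey);
}
```

Because the ticket contains no password, the signature and the trust list are the only things that stop a client from editing the user ID in its own cookie.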
Technically, Single Sign-On (SSO) with logon tickets works as follows:
If the portal is the ticket-issuing system:
If another system is the ticket-issuing system:
The portal AS issues a logon ticket for the Internet domain or a subdomain of the portal only.
To allow SSO using logon tickets between the portal and its component systems, you perform the following steps: