The philosophy behind HTTP single sign-on (SSO) is to preserve a user's authentication across different Web applications. Its goal is to avoid prompting the user multiple times for security credentials within a given trust domain, which includes:
- Cooperating but disparate WebSphere Application Server servers.
- Cooperating applications, such as LDAP servers (for example, IBM Directory Server).
In a single sign-on scenario, an HTTP cookie is used to propagate a user's authentication information to disparate Web servers, relieving the user from entering authentication information for every new client-server session (assuming basic authentication).
Attention
There are several key limitations of single sign-on when it is used with WebSphere Commerce. These limitations are:
- The LTPA cookies may flow across different web server ports.
- You need to modify the instance.xml file and ensure that the MigrateUsersFromWCSdb flag is set to "ON".
- The machines participating in the single sign-on configuration must have their system clocks synchronized.
- Single sign-on is only supported between applications that can read and issue the WebSphere Application Server Lightweight Third Party Authentication (LTPA) token.
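As an added illustration that is not IBM's LTPA implementation or token format, the following simplified model shows the two properties the limitations above rest on: a receiving server can only accept a token minted under the key shared by the trust domain, and it judges the token's expiry by its own clock, so unsynchronized clocks either reject fresh tokens or accept expired ones. The "user|expiry" payload, the HMAC-SHA256 tag, the key and the timestamps are all constructed assumptions for the demo.

```python
# Added illustration (not IBM's LTPA code or wire format): a simplified model of
# a domain-wide SSO token signed with a key shared by every server in the trust
# domain, and the check each receiving server performs against its own clock.
# Assumption: payload "user|expiry" plus a 32-byte HMAC-SHA256 tag, base64 in a cookie.
import base64
import binascii
import hashlib
import hmac

SHARED_DOMAIN_KEY = b"constructed-demo-key-shared-by-the-trust-domain"  # constructed sample
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def issue_token(user_id: str, issued_at: int, ttl_seconds: int, key: bytes = SHARED_DOMAIN_KEY) -> str:
    """Issuing server: bind the user and an absolute expiry time under the shared key."""
    payload = f"{user_id}|{issued_at + ttl_seconds}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode()

def verify_token(token: str, now: int, key: bytes = SHARED_DOMAIN_KEY, skew_tolerance: int = 0):
    """Receiving server: returns (user_id, 'ok') or (None, reason). The signature is
    checked before any payload field is trusted; expiry is judged by *this* clock."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except (binascii.Error, ValueError):
        return None, "malformed"
    if len(raw) <= TAG_LEN:
        return None, "malformed"
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):       # constant-time compare
        return None, "bad-signature"                  # not minted with the domain key
    user_id, _, expiry = payload.rpartition(b"|")
    if not expiry.isdigit():
        return None, "malformed"
    if now > int(expiry) + skew_tolerance:
        return None, "expired"
    return user_id.decode(), "ok"

def clock_skew_demo() -> dict:
    """Same 10-minute token seen by a receiving server with three different clocks."""
    token = issue_token("wcsadmin", issued_at=1_000_000, ttl_seconds=600)  # expires at 1_000_600
    return {
        "in_sync": verify_token(token, now=1_000_100)[1],   # true time 1_000_100 -> ok
        "b_ahead": verify_token(token, now=1_001_000)[1],   # clock +900 s -> fresh token rejected
        "b_behind": verify_token(token, now=999_800)[1],    # clock -900 s at true 1_000_700 -> expired token accepted
    }
```

The `b_behind` case is the security-relevant one: a lagging clock on one server extends the lifetime of every token in the domain, so clock synchronization is a precondition for the expiry check to mean anything.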