Appendix : Administration : MashZone NextGen Add-On for SharePoint (P4S) : P4S Configuration and Administration, SharePoint 2007 : Planning Authentication for P4S 2007 : Authentication Designs for P4S 2007 : SSO + Token Authentication
SSO + Token Authentication
This authentication design can be used when you have chosen to use the Single Sign-On service in SharePoint to store user credentials for external applications, such as MashZone NextGen Servers. This can be used when MashZone NextGen Servers are hosted in different domains or in the same domain as SharePoint.
This solution uses the Token Service that is installed with P4S. The Token Service generates a token ID for a user’s SharePoint session when they access mashups or apps. The requests sent to the MashZone NextGen Servers that host these mashups or apps include:
*A ticket with the user’s token ID
*An SSO Token Server Name.
Both SharePoint and MashZone NextGen Servers must be configured with the SSO Token Server Name and the connection information to communicate with the Token Service. MashZone NextGen Servers use this SSO Token Server Name to connect to the Token Service and redeem the user ticket and credentials.
Users receive a login challenge the first time they access mashups or apps hosted in a MashZone NextGen Server for a given SSO Application Name (a target application) in SharePoint configuration. The credentials they enter for this initial login challenge are then stored by the SharePoint SSO service under the SSO Application configured for that connection.
Note:  
MashZone NextGen Servers use only basic user credentials (username and password). They do not accept NTLM credentials which include Windows domains as part of the user name.
For all subsequent requests to MashZone NextGen Servers with that same SSO Application name, MashZone NextGen Servers retrieve user credentials via tokens and the Token Service and then authenticate them and retrieve user authorization information from the MashZone NextGen User Repository.
You can have each SSO Application store user credentials for one or several MashZone NextGen Server connections in SharePoint.
Copyright © 2013-2017 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback