Configuring My webMethods Server Single Sign-On
Single sign-on (SSO) enables a user to log into one application and then use other applications without having to log into each one separately. My webMethods Server supports single sign-on through the Security Assertion Markup Language (SAML), an XML-based framework for the exchange of security information. Using SAML, an entity on a target computer grants access based on an assertion from the source computer that the user is logged into the source computer.
With SAML 1.0, My webMethods Server can provide a single sign-on capability in the following ways:
- Between a source server and one or more target servers
- Between a server and other webMethods applications that have single sign-on capability
- Between a server and a third-party application that supports SAML
- (Deprecated) Between a server, an Artifact Receiver that authenticates the user sign-on, and a target web application
Using this model, one server is the source, providing a central login for users. Links on pages on the source server point to any number of SAML-capable entities. Also, a target server can accept assertions from any number of servers as long as the truststore of the target server has the certificate of the source server.
To take advantage of single sign-on, a user must be known on both the source server and the target entity. In most cases, common knowledge of a user is provided by use of the same directory service.
With SAML 2.0, you can configure My webMethods Server to authenticate users who are registered with a third-party identity provider, using both Identity Provider (IDP) initiated and Service Provider (SP) initiated SSO flows.
To configure any of the supported SSO flows, you must add the certificate used in signing the assertion to the truststore of the target My webMethods Server instance. For more information, see Importing CA Certificates.
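
When single sign-on fails, a useful first check of the truststore requirement above is whether the certificate carried in the assertion's signature is actually present in the target truststore. The following is an added example, not part of the product documentation: it compares the certificate in an assertion's KeyInfo with the SHA-256 fingerprints printed by `keytool -list -v`. The assertion, issuer name and certificate bytes are constructed sample data, the function names are hypothetical, and the check confirms presence in the truststore only; it does not validate the signature.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed stand-in for DER certificate bytes (not a real certificate).
FAKE_DER = b"constructed-placeholder-certificate-bytes"
# Constructed SAML 1.x-style assertion carrying the signer's certificate.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Issuer="source.example">
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
</saml:Assertion>"""


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in keytool's colon-separated upper-case form."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def signer_fingerprints(assertion_xml: str) -> list[str]:
    """Fingerprints of every certificate embedded in the assertion's KeyInfo."""
    root = ET.fromstring(assertion_xml)
    out = []
    for node in root.iter(DS + "X509Certificate"):
        b64 = "".join((node.text or "").split())  # tolerate line-wrapped base64
        out.append(fingerprint(base64.b64decode(b64, validate=True)))
    return out


def truststore_fingerprints(keytool_listing: str) -> set[str]:
    """Extract SHA-256 fingerprints from the text output of keytool -list."""
    pattern = r"SHA-?256\)?:\s*((?:[0-9A-F]{2}:){31}[0-9A-F]{2})"
    return set(re.findall(pattern, keytool_listing))


def untrusted_signers(assertion_xml: str, keytool_listing: str) -> list[str]:
    """Signer fingerprints missing from the truststore listing."""
    signers = signer_fingerprints(assertion_xml)
    if not signers:
        raise ValueError("assertion carries no X509Certificate to compare")
    trusted = truststore_fingerprints(keytool_listing)
    return [fp for fp in signers if fp not in trusted]
```

An empty result from `untrusted_signers` means every certificate embedded in the assertion appears in the listing; any fingerprint returned identifies a certificate that still has to be imported into the target truststore.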