Integrate Software AG Products Using Digital Event Services : MashZone NextGen Help : Appendix : Administration : MashZone NextGen Add-On for SharePoint (P4S) : P4S Configuration and Administration, SharePoint 2010 : Planning Authentication for P4S 2010 : Authentication Designs for P4S 2010
Authentication Designs for P4S 2010
The user experiences that you can deliver using MashZone NextGen Add-On for SharePoint (P4S) 2010 depend on your SharePoint environment and how SharePoint and MashZone NextGen Servers are deployed. The factors that determine an authentication architecture include:
*SharePoint Version and Authentication: using Microsoft SharePoint Server (MSS) 2010:
*With the Secure Store Service to provide a true single sign-on experience for P4S users. Other factors in your environment also play a part in supporting single sign-on.
The Secure Store Service stores user credentials for additional applications, such as the MashZone NextGen MashZone NextGen Server, accessed from SharePoint. User credentials are organized by target application, also known as an SSO Application Name, allowing the Secure Store service to handle credentials for different applications. You can store user credentials under one SSO Application name to provide credentials that several MashZone NextGen Servers share, allowing users to access mashups and apps from those MashZone NextGen Servers seamlessly, or keep credentials for some MashZone NextGen Servers separate using different SSO Application Names.
*WithoutSecure Store Service: this prevents a full single sign-on experience, but can still support SSO with an initial challenge experience depending on other factors in your SharePoint environment.
Note:  
P4S is not currently compatible with third-party single sign-on solutions, such as Netegrity SiteMiner, that are agent-based. If your SharePoint environment uses a third-party SSO solution, users may work in MashZone NextGen Hub with SharePoint to create mashables, mashups and apps. However, users cannot use P4S actions in SharePoint and cannot publish mashups or apps to SharePoint.
*SharePoint and MashZone NextGen MashZone NextGen Server Domains: how you deploy MashZone NextGen Servers in your SharePoint environments affects the choices for authentication. If single sign-on is not possible, deploying SharePoint servers and MashZone NextGen Servers in the same domains enables the use of cookies to simplify authentication.
*User Repository: sharing the same user repository, such as an Active Directory or LDAP Directory, for both SharePoint servers and MashZone NextGen MashZone NextGen Servers supports a true single sign-on experience. This enables MashZone NextGen Servers to use the same credentials as SharePoint.
Note:  
Currently there is a known issue for authentication challenges for mashups published in Mashup Web Parts when the user repository is shared. For mashups users will be challenged initially for mashups.
The combination of these factors produce three authentication architectures that you can use. The following table summarizes which architectures can be applied to specific environments and the resulting user experience:
Authentication Architecture
MSS + Secure Store
MSS + No Secure Store
SharePoint / MashZone NextGen Server in Same Domains
SharePoint / MashZone NextGen Server in Different Domains
SharePoint / MashZone NextGen Server Share User Repository
User Experience
SSO + Token Authentication
Full SSO
Initial challenge
SSO + Cookie Authentication
Initial challenge
Initial challenge
No SSO, Manual Authentication
All challenges
All challenges
Copyright © 2017 Software AG, Darmstadt, Germany.
Product LogoContact Support   |   Community   |   Feedback