Setting up Single Sign-On
Single sign-on is the ability for a user to log into one application and then use other applications without having to log into each one separately.
My webMethods Server supports single sign-on through the Security Assertion Markup Language (SAML), an XML-based framework for the exchange of security information. Using SAML, an entity on a target computer grants access based on an assertion from the source computer that the user is logged into the source computer. You need to add the certificate used in signing the assertion to the truststore on the target instance of My webMethods Server. For more information, see Importing CA Certificates.
My webMethods Server can provide a single sign-on capability in the following ways:
Between a source server and one or more target servers
Between a server and other webMethods applications that have single sign-on capability
Between a server and a third-party application that supports SAML
Between a server and a third-party identity provider (IDP)
(Deprecated) Between a server, an Artifact Receiver that authenticates the user sign-on, and a target web application
Using this model, one server is the source, providing a central login for users. Links on pages on the source server point to any number of SAML-capable entities. Also, a target server can accept assertions from any number of servers as long as the truststore of the target server has the certificate of the source server.
To take advantage of single sign-on, a user must be known on both the source server and the target entity. In most cases, both sides know the user because they are configured to use the same directory service.
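The following program is an added illustration of the trust model described above and is not part of My webMethods Server or of this documentation. It models a source server that signs an assertion about a logged-in user and a target that accepts the assertion only when the source's certificate is already in its truststore, the signature verifies against that trusted certificate, the assertion is addressed to this target and has not expired, and the asserted user is known locally. The assertion format, the server names and user names, and the use of a plain RSA PKCS#1 v1.5 signature over the XML bytes are all simplifications chosen for this example; real SAML uses the SAML 2.0 schema and XML Signature, which the product handles for you.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/xml"
	"errors"
	"math/big"
	"time"
)

// Assertion is a simplified stand-in for a SAML assertion, constructed for this example; it is not the SAML 2.0 schema.
type Assertion struct {
	Issuer       string    `xml:"Issuer"`       // source server (its certificate CN)
	Subject      string    `xml:"Subject"`      // user who logged in at the source
	Audience     string    `xml:"Audience"`     // target the assertion is meant for
	NotOnOrAfter time.Time `xml:"NotOnOrAfter"` // end of the validity window
}

// NewSource creates a source server's signing key and the self-signed certificate an administrator would import into each target's truststore.
func NewSource(name string) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// Sign serialises the assertion and returns the XML payload with the source's PKCS#1 v1.5 signature over its SHA-256 digest.
func Sign(key *rsa.PrivateKey, a Assertion) (payload, sig []byte, err error) {
	if payload, err = xml.Marshal(a); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(payload)
	sig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return payload, sig, err
}

// Target accepts assertions only from sources whose certificate is in its truststore (keyed by CN) and only for users it already knows.
type Target struct {
	Name       string
	Truststore map[string]*x509.Certificate
	Users      map[string]bool // users provisioned through the shared directory
}

// ImportCertificate is the "add the source certificate to the truststore" step.
func (t *Target) ImportCertificate(c *x509.Certificate) {
	if t.Truststore == nil {
		t.Truststore = map[string]*x509.Certificate{}
	}
	t.Truststore[c.Subject.CommonName] = c
}

// Accept returns the asserted user, or an error saying why the assertion was rejected.
// The verification key comes from the truststore, never from the assertion, so a forged Issuer only selects a key that will not verify.
func (t *Target) Accept(payload, sig []byte, now time.Time) (string, error) {
	var a Assertion // parsed first only to find which trusted key to check against
	if err := xml.Unmarshal(payload, &a); err != nil {
		return "", err
	}
	cert, ok := t.Truststore[a.Issuer]
	if !ok {
		return "", errors.New("issuer's certificate is not in the truststore")
	}
	if err := cert.CheckSignature(x509.SHA256WithRSA, payload, sig); err != nil {
		return "", errors.New("signature does not verify against the trusted certificate")
	}
	switch {
	case a.Audience != t.Name:
		return "", errors.New("assertion was issued for a different target")
	case !now.Before(a.NotOnOrAfter):
		return "", errors.New("assertion has expired")
	case !t.Users[a.Subject]:
		return "", errors.New("subject is not a known user on this target")
	}
	return a.Subject, nil
}
```

The order of checks mirrors the points the section makes: the target never trusts a key the assertion brings along, only one an administrator imported; a target can hold certificates for any number of source servers; and even a valid assertion is useless unless the same user exists on the target, which is why both sides normally share one directory service.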