Single Sign-On

Single Sign-On (SSO) is an option that controls whether user credentials are forwarded to back-end Web resources. Configuring the appliance to use SSO prevents the user from having to log in multiple times (once to get to the appliance, and again to access an application resource).

The ability to support dynamic run time forms using SSO authentication has been added. This feature provides logged-in users the capability to Single Sign On to web applications that use HTML forms. For more details on how to configure SSO authentication, refer to the SMA 12.4 Administration Guide.

The appliance supports several types of Web-based SSO:

• Basic authentication forwarding is a widely supported form of authentication forwarding, but is not very secure because it sends passwords in the clear across the network. The appliance can be configured to send each user’s unique authentication credentials, or static credentials (that is, the same credentials for all users). Basic authentication forwarding is configured within a Web application profile, which is assigned to one or more application resources in AMC.
• Domain authentication forwarding provides a secure method for sending Windows network credentials to a Microsoft IIS (Internet Information Services) Web server. NTLM (Windows NT LAN Manager, also known as Windows NT challenge/response authentication) uses a challenge/response mechanism to securely authenticate users without sending passwords in the clear across the network. Domain authentication forwarding passes a Windows domain name along with the user’s authentication credentials.