A Secure Portal Extended With Single Sign-On

Many portals are required to access external applications that need some form of user authentication. In most cases, the user credentials required by these applications will differ from those used by WebSphere Portal. While it is possible for the portlet to prompt the user for this credential information and then present it to the external application, such an approach is seldom implemented due to the unsatisfactory user experience. Therefore, a single sign-on (SSO) is required to provide seamless access to the different applications in a portal solution.
Implementing a secure portal using an external security manager is part of solving this problem. This provides a centralized access management system. It is also a basis for creating an SSO domain for multiple applications that can share common user credentials. However, back-end applications can still exist outside of this domain because of a need for specific custom user IDs and passwords. For these, we can use credential mapping to map the common credential to the back-end one. This is implemented as Credential Service in WebSphere Portal.
This publication is intended to help IT architects, IT specialists, security architects, and security administrators with understanding and implementing a secure portal with SSO. This publication is built on and extends A Secure Portal Using WebSphere Portal V5 and Tivoli Access Manager V4.1, SG24-6077.

• IBM WebSphere Application Server V6.1 Security Handbook, SG24-6316-01
• IBM WebSphere Portal V6 Self Help Guide, REDP-4339-00
• WebSphere Application Server V6 System Management & Configuration Handbook, SG24-6451-00

Publish Date
24 February 2004

Rating:
(based on 3 reviews)

Rate this paper

Author(s)

Michele Galic is an IT Specialist at the International Technical Support Organization, Raleigh Center. Her focus is on the WebSphere family of products and Patterns for e-business. She has 13 years of experience in the IT field. She holds a degree in Information Systems. Before joining the ITSO, Michele was a Senior IT Specialist in IBM Global Services in the Northeast, specializing in the WebSphere field.

• Michele Galic

Alison Halliday is an IT Architect from IBM Global Services, Sweden. She primarily works in the application architecture, design, and development of e-business and enterprise Java solutions. Alison has seven years of experience in the industry and holds a MSc (Computer Science) from Queen's University, Belfast, Northern Ireland. Her areas of expertise include the WebSphere family of products, J2EE, and Java.

• Alison Halliday

Andrew Hatzikyriacos is an IT Architect in South Africa. He has worked at IBM for 5 years and is currently with IBM Global Services - Strategic Outsourcing. Andrew has a BSc Honours degree from the University of the Witwatersrand, Johannesburg, South Africa, and has 12 years of experience in the IT field. His areas of expertise include Tivoli Enterprise Systems Management and Security Management.

• Andrew Hatzikyriacos

Sailaja Parepalli is a Software Consultant at Miraclesoftware systems, Inc., MI. She has 6 years of experience in software analysis, design, and development. Her software industry experience includes Business Analysis and Object Modeling using UML and Application, Web, and Portal development using Java/J2EE and WebSphere family of products. You can reach her at sparepalli@miraclesoft.com.

• Sailaja Parepalli

David Yang is a staff software engineer in the Solution Test team of the WebSphere Platform System House organization located in Research Triangle Park, North Carolina. He has worked with IBM in a variety of development and test roles and has areas of expertise in Java, Linux, WebSphere, security, and TCP/IP.

• David Yang

IBM Form Number
REDP-3743-00