WebFacing and Single Sign-on: Exploiting Identity Tokens in Multi-Tier Web Applications

An IBM Redpaper publication

Published 23 February 2006

Authors: Davis Marasco, Patrick Botz


This IBM Redpaper describes how to build applications that run in multi-tier, heterogeneous, Web-based environments, while, at the same time, easily enabling those applications for single sign-on.

Multi-tier applications are those that run on three or more separate systems. They typically include a "thin client" running a browser-based user interface that accesses a middle-tier application residing in a DMZ, which in turn accesses a "server application" running on a back-end system inside the firewall.

They are distinct from two-tier (also known as client/server) applications, but they share all of the same security issues, magnified by the additional tiers: every hop is another place where a user's identity must be established, trusted, or passed along.

Multi-tier applications are also typically heterogeneous, meaning that two or more of the systems involved are different types. For example, the browser might run on a PC, the Web application server on IBM AIX 5L, and the back-end server on IBM i5/OS.

Multi-tier, heterogeneous applications present a number of security challenges. It can be very difficult to build these applications in a way that limits, much less reduces, the cost of securely using those applications and the resources they access.

This paper shows you how this can be accomplished.

Table of contents

Chapter 1. Introduction: Authentication and multi-tier, heterogeneous applications
Chapter 2. Technology overview
Chapter 3. Exploiting identity tokens in multi-tier, heterogeneous applications
Appendix A. Additional material

