Chat now with support
Chat with Support

Single Sign-On for Java 3.3.2 - Administration Guide

About this guide Introducing Single Sign-on for Java Preparing for Single Sign-on for Java Deploying Single Sign-on for Java
Getting started with Single Sign-on for Java Single Sign-on for Java and your web applications Setting up logging Controlling access to resources
Security Issues Maintenance and Troubleshooting Appendix: Configuration Parameters Appendix: Using the JKTools

Windows integrated authentication

To use Windows Integrated Authentication, clients must be running a browser that supports Kerberos authentication, such as Microsoft Internet Explorer, Mozilla Firefox, or Google Chrome. For Internet Explorer, you must enable the Integrated Windows Authentication option at: Tools | Internet Options | Advanced | Security.

You should also make sure that your application server is added to the Intranet Zone settings list, and that the browser is set for Automatic logon only in that zone.

  1. Select Tools | Internet Options | Security, select Local intranet
  2. Select Sites| Advanced and if necessary, Add either an entry for the application server, or a list entry which globally includes the domain for the application server -- for example, “http://*”.
  3. Select the Local intranet option again.
  4. Select Custom Level and ensure that the Security Settings | User Authentication option for Automatic logon only in Intranet Zone is selected.
  5. Restart Internet Explorer.

NTLM authentication

Windows Integrated Authentication provides a greater degree of security than NTLM authentication, so we recommend that users should attempt to use Windows Integrated Authentication unless it is unsupported by their client operating system or browser. To use NTLM for SSO, you need a version of Windows that supports NTLM challenge/response. For more information, see Setting up a client machine.

To set up Internet Explorer for NTLM authentication, configure the intranet for authentication:

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. Click the Security tab.
  3. Click the Local intranet icon and then click Custom Level.
  4. Scroll down the Security Settings list to the User Authentication section, and select the Automatic logon only in Intranet zone option. This configures the intranet for SSO.
  5. Click OK.

Deploying Single Sign-on for Java

This chapter describes how to get started with Single Sign-on for Java using the supplied examples, and moves on to cover how to build SSO solutions using Single Sign-on for Java-protected servlets and JSPs.

Getting started with Single Sign-on for Java

The following sections describe how to get started with Single Sign-on for Java and how to configure the examples provided:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating