A client is asked to provide user name and password information only once. The provided identity propagates throughout the system.
When a client request flows through multiple systems within the enterprise, the client must authenticate only once. This concept of identity propagation is solved using a single sign on method.
The authenticated context is propagated to downstream systems, which can apply access control.
Either Tivoli® Access Manager WebSEAL or Tivoli Access Manager plug-in for Web servers can be used as reverse proxy servers to provide access management and single sign on capability to WebSphere® Process Server resources. Details of how to configure these tools can be found in the WebSphere Application Server documentation.