The number of applications in an enterprise often results in an increase in the number of usernames and passwords in use, resulting in poor user experience and additional cost of maintaining them. Multiple user names and passwords also compromise security as users either choose very simple passwords or write down their passwords in easy to find locations. For the system administrators additional applications result in an increased directory maintenance effort and fielding increased help desk calls to reset passwords. Some of the problems caused by additional applications can be resolved by using single sign-on functionality. Single sign-on (SSO) functionality allows users to access multiple secure applications by authenticating only once.
Single sign on is supported for the supported application servers, by allowing alternative mechanisms to be used alongside the Cúram login module. The implementation of an SSO solution is the responsibility of the custom implementation. It is recommended that a third party tool be used, e.g. IBM® Tivoli® ™ or CA SiteMinder.
This chapter describes the application server properties that allows use of an SSO solution.