Single Sign On for WebLogic Server

When SSO is required with WebLogic Server, it can be achieved by using the WebLogic Server authentication provider or a custom authentication provider. Consult the WebLogic Server documentation for further information on authentication providers. WebLogic Server expects the configured authentication provider to add the credentials/principals and the group the user belongs to. For an SSO solution, the Cúram JAAS login module does not add credentials to the JAAS subject, so that an alternative authentication provider can be responsible for adding them.

Credentials are not added if the following settings are in place:

As mentioned in Deployment of an External Application, there are properties relating to the type of external user that control if credentials are added to WebLogic Server for a specific external user type. These include:

These properties provide fine-grained control over authentication for external user types.

The responsibility for adding credentials is left to another authentication provider, that is, the main authentication provider for authenticating the user. In an SSO scenario, only one of the authentication providers needs to add credentials to the JAAS subject during the commit() method of the login module for a user.
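
The following is an added sketch, not Cúram or WebLogic code, of a JAAS login module whose commit() leaves the subject untouched when it is configured to defer to another provider. The class name, the addCredentials option name and the lambda-based principal are assumptions made for this example.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Added illustration. The "addCredentials" option name is hypothetical.
public class DeferringLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private boolean addCredentials;
    private String user;
    private Principal added;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        handler = h;
        // Defaults to true; an SSO deployment would set the option to "false" on this module.
        addCredentials = !"false".equalsIgnoreCase(String.valueOf(opts.get("addCredentials")));
    }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        try { handler.handle(new Callback[] { name }); }
        catch (Exception e) { throw new LoginException("callback failed: " + e); }
        user = name.getName();
        if (user == null || user.isEmpty()) throw new LoginException("no user name supplied");
        return true;
    }

    public boolean commit() {
        if (user == null) return false;      // login() did not succeed for this module
        if (addCredentials) {                // otherwise the subject is left to the other provider
            final String n = user;
            added = () -> n;                 // getName() is Principal's only abstract method
            subject.getPrincipals().add(added);
        }
        return true;
    }

    public boolean abort() { return logout(); }
    public boolean logout() {
        if (added != null) subject.getPrincipals().remove(added);
        user = null;
        added = null;
        return true;
    }
}
```

With the option set to "false", the subject holds only what the other configured provider adds in its own commit(), so exactly one provider supplies the principals.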