Forms single sign-on concepts
Forms single sign-on authentication supports existing applications that use HTML forms for authentication and that cannot be modified to directly trust the authentication that is done by WebSEAL.
Enabling forms single sign-on authentication produces the following results:
- WebSEAL interrupts the authentication process that is initiated by the back-end application.
- WebSEAL supplies data that is required by the login form and submits the login form on behalf of the user.
- WebSEAL saves and restores all cookies and headers.
- The user is unaware that a second login is taking place.
- The back-end application is unaware that the login form is not coming directly from the user.
- If the credential learning function is enabled, WebSEAL can learn the user name and password information so that future requests to the same junctioned resource do not prompt the user for authentication.
Configure WebSEAL to do the following:
- Recognize and intercept the login form.
- Complete the appropriate authentication data.
The administrator enables forms single sign-on by:
- Creating a configuration file to specify how the login form is to be recognized, completed, and processed.
- Configuring the appropriate junction with the -S option (which specifies the location of the configuration file).
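The recognize, complete, and submit sequence described above, sketched as an added Python example. It is a conceptual model, not WebSEAL code and not the WebSEAL configuration file format; the rule layout, paths, field names, and credentials are constructed for illustration.

```python
from fnmatch import fnmatchcase
from html.parser import HTMLParser
from urllib.parse import urlencode

class FormCollector(HTMLParser):
    """Collect every <form> on a page with its action, method and named inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self.current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": a.get("action") or "", "method": (a.get("method") or "get").upper(), "fields": {}}
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None and a.get("name"):
            self.current["fields"][a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

# Hypothetical rule: which page and form to intercept, and which form
# fields are filled from which stored credential values.
RULE = {"page": "/app/login*", "action": "*/do_login",
        "fill": {"user": "username", "pass": "password"}}

# Constructed sample page and credentials (not from any real application).
SAMPLE_PAGE = """<html><body>
<form action="/search" method="get"><input name="q"></form>
<form action="/app/do_login" method="post">
  <input type="hidden" name="csrf" value="t0k3n">
  <input type="text" name="user"> <input type="password" name="pass">
</form></body></html>"""
SAMPLE_CREDS = {"username": "alice", "password": "s3cret!"}

def build_login_submission(url_path, html, rule, credentials):
    """Return (method, action, body) to submit for the user, or None to pass the page through."""
    if not fnmatchcase(url_path, rule["page"]):
        return None                       # not a configured login page
    parser = FormCollector()
    parser.feed(html)
    for form in parser.forms:
        if not fnmatchcase(form["action"], rule["action"]) or not set(rule["fill"]) <= set(form["fields"]):
            continue                      # wrong form, or expected fields missing: do not send credentials
        data = dict(form["fields"])       # keep hidden fields (for example CSRF tokens) as served
        for field, cred_key in rule["fill"].items():
            data[field] = credentials[cred_key]
        return form["method"], form["action"], urlencode(data)
    return None
```

Matching on both the page path and the form action, and refusing to submit when an expected field is absent, keeps stored credentials from being posted to a form other than the intended login form.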