How SSO works

Many configurations can insert the user name into the HTTP header: a configuration on a reverse proxy web server, a configuration at the application server layer, or an authentication plug-in at either of those layers.

In general, the process occurs in the following order.

  • The user enters the web server URL in a browser or accesses the application by using a client.
  • The user might be prompted to enter a user name or password, or seamless sign-on might occur. Seamless sign-on, where the server does not challenge the browser or client, is not supported in some configurations.
  • The web server, application server, or authentication plug-in verifies the information with the authentication source.
  • If the login is successful, the web server appends the user credentials to the HTTP header and sends them to the application server.
  • The application server processes the user credentials and logs in the user to the application.

Note: In the IBM TRIRIGA Workplace Reservation Manager application, if you click a link such as the Building link in the Find Room/Resource dialog, a browser instance opens in a new window and you are prompted to log in. The login request occurs because of security constraints; the session and login configuration cannot be shared between Outlook and the browser.
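
The header hand-off in the steps above depends on the application server accepting the user name only when the web server set it. The following sketch is an added example, not IBM or TRIRIGA code: it models both sides of that hand-off, and the header name `X-SSO-User`, the proxy address and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this sketch: header name and proxy address are constructed.
SSO_HEADER = "X-SSO-User"
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def proxy_forward(client_headers, authenticated_user):
    """Web server side: headers passed on to the application server."""
    # Remove every client-supplied copy of the identity header (any case), so
    # the value that arrives is only ever the one set after authentication.
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() != SSO_HEADER.lower()}
    if authenticated_user is None:
        return None  # login failed: the request is not forwarded
    forwarded[SSO_HEADER] = authenticated_user
    return forwarded


def app_login(peer_ip, headers):
    """Application server side: user to log in, or None to refuse."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return None  # the header is trusted only on the proxy connection
    values = [v for k, v in headers.items() if k.lower() == SSO_HEADER.lower()]
    if len(values) != 1:
        return None  # missing or ambiguous identity
    user = values[0].strip()
    if not user or "\r" in user or "\n" in user:
        return None  # empty or malformed user name
    return user


if __name__ == "__main__":
    # Constructed request: the client sent its own identity header, and the
    # web server authenticated the user as "jdoe".
    sent = proxy_forward({"Host": "app.example", "x-sso-user": "admin"}, "jdoe")
    print(sent)
    print(app_login("10.0.0.5", sent))
    # Constructed request that reached the application server directly.
    print(app_login("203.0.113.7", {"X-SSO-User": "admin"}))
```

In a deployment, the same two checks are normally expressed in the web server and application server configuration rather than in application code.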