How SSO works
Many possible configurations can insert the user name into the HTTP header. Configurations on a reverse proxy web server, configurations at the application server layer, or various authentication plug-ins at each of those layers can insert the user name into the HTTP header.
In general, the process occurs in the following order.
- The user enters the web server URL in a browser or accesses the application by using a client.
- The user might be prompted to enter a user name or password or seamless sign-on might occur. Seamless sign-on, where the server does not challenge the browser or client, is not supported in some configurations.
- The web server, application server, or authentication plug-in verifies the information with the authentication source.
- If the login is successful, the web server appends the user credentials to the HTTP header and sends them to the application server.
- The application server processes the user credentials and logs in the user to the application.
Note: In the IBM
TRIRIGA Workplace Reservation Manager application,
if you click a link such as the Building link in the Find Room/Resource dialog,
a browser instance opens in a new window and you are prompted to log in. The login request occurs
because of security constraints; the session and login configuration cannot be shared between
Outlook and the
browser.