Single sign-on for authentication
With single sign-on (SSO) support, web users can authenticate once when accessing both WebSphere® Application Server resources, such as HTML, JavaServer Pages (JSP) files, servlets, enterprise beans, and Lotus® Domino® resources, such as documents in a Domino database, or accessing resources in multiple WebSphere Application Server domains.
There are various ways to accomplish SSO, with the most common in WebSphere by using LTPA cookies. LTPA cookies do not require any particular client and allow SSO across different cells provided the registry and LTPA keys are the same.
There are other types of SSO, including Simple and Protected GSS-API Negotiation (SPNEGO), which is a way to use the token from a Kerberos login (typically Windows) to authenticate to WebSphere Application Server. This prevents the user from having to type in their userid and passwords again.
TAIs are also a form of single sign-on when used in combination with a Proxy server that does the front-end authentication. The TAI allows the credentials to flow to WebSphere from the Proxy server and to be used to log in without the need to reauthenticate the user.