Single sign-on authentication in ELM

Single sign-on (SSO) authentication is a mechanism where multiple related but independent software applications are configured so that a user logs in once and gains access to all systems, without the need to re-authenticate. IBM® Engineering Lifecycle Management (ELM) supports several types of single sign-on authentication. Use the protocol that is appropriate for your deployment configuration and needs.

Note: The current release does not support a combination of Kerberos/SPNEGO SSO authentication and Jazz Security Architecture SSO authentication.

Kerberos/SPNEGO SSO authentication

Engineering Workflow Management supports Kerberos/SPNEGO authentication. The following clients can authenticate with a server that is configured for this protocol:
  • Engineering Workflow Management browser-based client
  • Engineering Workflow Management Eclipse client
  • Engineering Workflow Management .NET clients:
    • Engineering Workflow Management client for Microsoft Visual Studio IDE
    • Engineering Workflow Management Windows Explorer integration
    • Engineering Workflow Management MS-SCCI Provider
  • Engineering Workflow Management SCM command-line interface
  • Jazz build clients:
    • Jazz Build Agent
    • Jazz Build Engine for the Eclipse client
    • Jazz Build Engine for IBM i
    • Jazz Build Engine for z/OS
    • Jazz Build System Toolkit
  • Jazz repository tools command-line interface

For more information, see Configuring Kerberos/SPNEGO single sign-on authentication.

Jazz Security Architecture SSO authentication

Jazz Security Architecture SSO is an authentication protocol based on the OpenID Connect standard. It is an alternative single sign-on protocol to Kerberos/SPNEGO SSO and to WebSphere Application Server with Lightweight Third-Party Authentication (LTPA) SSO. Jazz Security Architecture SSO is supported on all platforms and allows for single sign-on across applications that are installed in a mix of WebSphere Application Server.

Authentication services are provided by the Jazz® Authorization Server, which must be installed somewhere in your network.
Restriction: Installation of the Jazz Authorization Server on IBM i and z/OS systems is not supported.
In addition, Jazz Security Architecture SSO must be enabled on the Jazz Team Server and deployed ELM applications. Authentication administration is simplified because only the Jazz Authorization Server must be configured for authentication (for example, to use an LDAP user registry); WebSphere Application Server that hosts the ELM applications is not configured for authentication. The Jazz Authorization Server validates user credentials and issues access tokens that can be shared across applications.

Also, Jazz Security Architecture SSO eliminates the requirement for paired configuration of OAuth consumer keys. All applications that are configured for Jazz Security Architecture SSO can communicate with each other without a configuration for every possible source and destination relationship.
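The token-sharing model described above works only if each receiving application validates the access token it is handed before trusting it. The following Python block is an added illustration of that relying-party check, not IBM code; the page does not describe the Jazz Authorization Server's token format, so this example assumes a generic OIDC deployment that issues HS256-signed JWT access tokens, and the issuer URL, audience name and shared secret are constructed for the demo (production OIDC providers normally sign with an asymmetric key published through a JWKS endpoint, which changes only the signature step).

```python
"""Relying-application validation of an OIDC bearer access token.

Added example, not IBM or Jazz Authorization Server code. Assumes the
authorization server issues HS256-signed JWTs; the issuer, audience and
secret below are constructed for the demo.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://jas.example.com/oidc/endpoint/jazzop"  # hypothetical issuer URL
AUDIENCE = "ccm"                                          # hypothetical relying application id
SHARED_SECRET = b"constructed-demo-secret"                # constructed, never reuse


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """Stand-in for the authorization server: issue an HS256 JWT."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def validate_token(token: str, now=None, secret: bytes = SHARED_SECRET) -> dict:
    """Validate as a relying application should: signature first, then
    issuer, audience and expiry. Raises ValueError on any failure."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Only accept algorithms on an explicit allowlist; never let the token choose.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired")
    return claims


def demo() -> dict:
    """Exercise the validator with one good token and three bad ones."""
    t0 = 1_700_000_000  # constructed reference time
    good = mint_token({"iss": ISSUER, "aud": [AUDIENCE, "rm"], "sub": "alice", "exp": t0 + 3600})
    # Forge a payload but keep the original signature: must fail the HMAC check.
    header_b64, _, sig_b64 = good.split(".")
    forged_payload = _b64url(json.dumps({"iss": ISSUER, "aud": [AUDIENCE], "sub": "mallory", "exp": t0 + 3600}).encode())
    tampered = f"{header_b64}.{forged_payload}.{sig_b64}"
    wrong_aud = mint_token({"iss": ISSUER, "aud": "other-app", "sub": "alice", "exp": t0 + 3600})

    results = {"good": validate_token(good, now=t0)["sub"]}
    for name, tok, now in [("expired", good, t0 + 7200), ("tampered", tampered, t0), ("wrong_aud", wrong_aud, t0)]:
        try:
            validate_token(tok, now=now)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the signature is verified before any claim is read, so a forged payload is rejected without its contents ever influencing the decision, and the audience check is what stops a token minted for one ELM application from being replayed against another.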

For new installations, you enable Jazz Security Architecture SSO by selecting it as an option during the installation process. For more information, see Installing the IBM Engineering Lifecycle Management by using IBM Installation Manager.

For existing installations, you enable Jazz Security Architecture SSO by performing a migration procedure after you upgrade to the current release. For more information, see Enabling ELM applications for Jazz Security Architecture single sign-on.

You can also use a variant of OIDC authentication in which the Jazz Authorization Server is configured to delegate validation of user credentials to a third-party identity provider. For more information, see Application Passwords for Native Client Authentication with OpenID Connect.

WebSphere Application Server with Lightweight Third-Party Authentication (LTPA) SSO authentication

You can configure single sign-on in a distributed environment on WebSphere Application Server by using the LTPA authentication protocol. With LTPA, a user's login credentials are stored in a session cookie that is available for the current browser session only. This cookie contains the LTPA token. For more information, see Deploying WebSphere Application Server by using single sign-on authentication.

WebSphere Liberty SSO authentication

You can configure single sign-on in a distributed environment on WebSphere Liberty by using the LTPA authentication protocol. For detailed instructions, see this Deployment wiki article.