Technical Blog Post
Abstract
Authentication process for SSP-SSO to SEAS
Body
Sterling Secure Proxy can be used as a proxy with Sterling B2B Integrator and Sterling File Gateway and supports a single sign-on connection for Sterling Connect:Direct connections.
Single sign-on (SSO) bypasses the normal user authentication process in Sterling B2B Integrator and instead trusts that Sterling Secure Proxy has authenticated the user.
To allow an SSO connection between a trading partner and Sterling Secure Proxy to route traffic to Sterling B2B Integrator, you configure OpenSAML v2.0 tokens in Sterling External Authentication Server.
When issues occur, it is helpful to understand the authentication process flow for this type of setup.
http://www.ibm.com/support/docview.wss?uid=swg27043342
Before you complete the single sign-on configuration, be aware of the following considerations:
- Only the HTTP, Sterling Connect:Direct, FTP, and SFTP protocols support single sign-on connections.
- When Sterling Secure Proxy is configured to use SSO and the Sterling External Authentication Server user authentication profile is configured to return a mapped user ID, the mapped user ID (not the original user ID) and the SSO token are sent to the back-end system for user authentication.
- The Sterling Secure Proxy Change Password Portal requires an HTTP adapter, which is an optional, licensed component of Sterling Secure Proxy, and a license for the Change Password Portal. Refer to Configure Change Password Portal instructions to configure this feature.
- If you are using a load balancer to run multiple Sterling Secure Proxy engines, avoid login credential errors by configuring the load balancer to use persistence or "sticky connections." Refer to your load balancer documentation for details about configuring persistence.
UID
ibm11124259