IBM Support

Flow of Data for Single Sign-On Configuration Between Sterling Secure Proxy, Sterling B2B Integrator and Sterling External Authentication Server.

Education


Abstract

To support single sign-on, configure Sterling External Authentication Server to generate SSO tokens. Configuring SSO allows a trading partner to log on and use the same login session to connect to Sterling Secure Proxy and Sterling B2B Integrator. By default, Sterling External Authentication Server uses OpenSAML to create and manage SSO tokens. However, you can customize your environment to use a third-party application to generate tokens.

Content

These are the steps that occur during a single sign-on session between a trading partner, Sterling Secure Proxy, and Sterling B2B Integrator when Sterling External Authentication Server is used to generate and manage tokens:

1. The trading partner requests a connection to Sterling B2B Integrator.
2. Sterling Secure Proxy receives the request, and the SSH handshake between Sterling Secure Proxy and the trading partner begins. The proxy submits its key to the trading partner.
3. Sterling Secure Proxy sends an authentication request to the trading partner, who provides his user ID and password. If public key authentication is configured, the trading partner submits his key to Sterling Secure Proxy for authentication. You can optionally configure Sterling Secure Proxy to enforce key authentication and also send the key to Sterling External Authentication Server for validation.
4. Sterling Secure Proxy sends either the user ID and password, the key, or all three to Sterling External Authentication Server, which then validates them against information stored in LDAP.
5. If the credentials are valid, Sterling External Authentication Server creates an OpenSAML v2 token and returns the token to Sterling Secure Proxy.
6. Sterling Secure Proxy connects to Sterling B2B Integrator and performs an SSH handshake. Sterling Secure Proxy then sends the request with the token from Sterling External Authentication Server to Sterling B2B Integrator.
7. Sterling B2B Integrator validates the token against Sterling External Authentication Server and begins normal operation.
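The trust relationships in steps 3 to 7, modeled as an added example that is not IBM code: the three class names, the dictionary standing in for LDAP, and the opaque random token standing in for the OpenSAML v2 token are all assumptions, and the SSH handshakes are omitted.

```python
import hashlib
import hmac
import secrets

def make_entry(password):
    # Build a constructed directory record: (salt, PBKDF2 hash).
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:
    """Stand-in for Sterling External Authentication Server."""
    def __init__(self, directory):
        self._directory = directory  # stand-in for LDAP: user -> (salt, hash)
        self._tokens = {}            # issued token -> user it was issued to
    def authenticate(self, user, password):
        """Steps 4-5: check credentials, return a token or None."""
        entry = self._directory.get(user)
        if entry is None:
            return None
        salt, stored = entry
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(digest, stored):
            return None
        token = secrets.token_urlsafe(32)  # opaque token, not a SAML assertion
        self._tokens[token] = user
        return token
    def validate(self, token):
        """Step 7: report which user a token was issued to, or None."""
        return self._tokens.get(token)

class Backend:
    """Stand-in for Sterling B2B Integrator."""
    def __init__(self, auth_server):
        self._auth = auth_server
    def accept(self, claimed_user, token):
        # The session is accepted on the auth server's answer, not the proxy's word.
        return token is not None and self._auth.validate(token) == claimed_user

class Proxy:
    """Stand-in for Sterling Secure Proxy."""
    def __init__(self, auth_server, backend):
        self._auth, self._backend = auth_server, backend
    def handle_login(self, user, password):
        token = self._auth.authenticate(user, password)  # steps 3-5
        if token is None:
            return False  # rejected at the proxy; the back end is never contacted
        return self._backend.accept(user, token)         # steps 6-7
```

The back end's callback to the authentication server is what makes a forged token, or a genuine token presented under a different user ID, fail at step 7.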

Configure a Single Sign-on Connection
http://pic.dhe.ibm.com/infocenter/ssp/v3r4/index.jsp?topic=%2Fcom.ibm.help.sspcdproxysso.doc%2FSSP_CDS_ConfSSOConxCD.html

Original Publication Date

10 September 2014


Document Information

Modified date:
13 October 2021

UID

swg27043342