Using Logon Tickets for Single Sign-On

Use

The SLD supports the use of logon tickets for Single Sign-On.

Prerequisites

·        The J2EE Engine of the SLD is configured to accept logon tickets from all ticket-issuing servers.

·        The J2EE Engine of the SLD must have a public and private key pair and a public-key certificate, if the SLD acts as a ticket-issuing application.

Activities

Adjust the login module stack for the application component sap.com/com.sap.lcr*sld to enable the SLD to accept logon tickets (and issue them, if necessary).

Login Modules

Flag

EvaluateTicketLoginModule

SUFFICIENT

BasicPasswordLoginModule

REQUISITE

CreateTicketLoginModule

OPTIONAL

The login module stack in the table above enables the SLD to evaluate the user’s logon ticket first. If the user presents a valid logon ticket, the SLD accepts the logon and stops further processing. If there is no valid logon ticket, the SLD authenticates the user by using Basic Authentication and issues a logon ticket for the user, if the authentication succeeds. The login module CreateTicketLoginModule is only required, if the SLD has to issue logon tickets itself.

For more information about the configuration of Single Sign-On for the J2EE Engine, see Using Logon Tickets for Single Sign-On.