Single Sign-on
Using the single sign-on (SSO) feature, a user authenticated by an external application can become authenticated to PRPC without providing another user ID and password. This feature can improve user productivity and allow better control over passwords. This feature uses a specially formatted URL and information in an Application ID data instance (Data-Admin-AppID class).
See Authentication in PRPC, a document in the Integration area of the PDN, for information on alternatives to the normal log in form. See also How to implement Single Sign-on using SPNEGO and JAAS. (SPNEGO is an acronym for Simple and Protected GSS-API Negotiation Mechanism, used in Microsoft Windows.)
Your authentication activities for HTTP communication can use the pxRequestor.pxHTTPServletRequest property (of mode Java Object). This is a facade object that provides most of the information received about the incoming HTTP request. A few operations are not allowed:
- Accessing the file system using getRealPath()
- Read/write access to session or request attributes
- Access to the HttpServlet
- Examination of current session Roles
- Creation of a
RequestDispatcher
Despite these limitations, an activity can access the object to obtain cookie and header information.
The pxHTTPServletRequest property is created only when a custom authentication activity runs. To reduce memory demand, this property is not present during other requests. B-21094
|
LDAP, requestor page |
|
About Application ID data instances |
Definitions