Set the single sign-on (SSO) domain name for your IBM® Application Server environment.
About this task
Choose the type of domain name that you want to configure from the following options:
Single SSO Domain
Specify one domain name for all single sign-on hosts. Enter a period (.) before the name. For example, .example.com. The application server uses the information after the first period, from left to right, for the domain names.
Blank (Use local host as SSO Domain)
For example, if you administer a system named test4 that is registered as part of the example.com network domain, its fully qualified host name is test4.example.com. If SSO is enabled for the example.com domain, only cookies that originate in this domain are authenticated and can be stored on the test4.example.com system.
If you do not define an SSO domain name, the web browser defaults the domain name to the host name where the web application is running. Single sign-on is then restricted to the application server host name and does not work with other application server host names in the domain.
Multiple SSO domains
You can specify multiple domains separated by a semicolon (;), space ( ), comma (,), or pipe (|). The host name of each HTTP request is compared with each domain until the first match is located. For example, if you specified example.com;production.example.com as the SSO domain names and a match is found in the example.com domain first, the application server does not try to find a match in the production.example.com domain. However, if a match is not found in either example.com or production.example.com, the application server does not set a domain for the LTPA token cookie.
Arbitrary SSO domain (Use URL domain as SSO domain)
If you enter UseDomainFromURL in the Domain name field, the application server sets the SSO domain name value to the domain of the host that is used in the web address. For example, if an HTTP request comes from server1.example.com, the application server sets the SSO domain name value to example.com.
Note: The UseDomainFromURL value is not case-sensitive. You can enter usedomainfromurl to use this value.
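The following added example (not IBM code) models in Python how the options above determine the domain of the LTPA token cookie, and lists configured entries that can never be selected because an earlier entry matches first. It assumes that a domain matches when the request host equals it or ends with a period plus the domain, and that UseDomainFromURL drops the first host label; the function names and sample host names are constructed for illustration.

```python
import re

SEPARATORS = r"[;,| ]+"  # semicolon, comma, pipe, or space, as listed above


def parse_domains(configured):
    """Split the SSO Domain name field into lower-case domains without the leading period."""
    entries = re.split(SEPARATORS, (configured or "").strip())
    return [e.lower().lstrip(".") for e in entries if e.strip(".")]


def sso_cookie_domain(configured, request_host):
    """Return the modelled cookie domain, or None when no domain is set (host-only cookie)."""
    host = request_host.lower().rstrip(".")
    value = (configured or "").strip()
    if not value:
        return None  # Blank: the browser defaults to the exact host name
    if value.lower() == "usedomainfromurl":  # the value is not case-sensitive
        # Assumption: the "domain of the host" is everything after the first label
        return host.partition(".")[2] or None
    for domain in parse_domains(value):
        # Assumption: suffix match on a label boundary; the first match wins
        if host == domain or host.endswith("." + domain):
            return domain
    return None  # no configured domain matched, so no domain is set


def shadowed_entries(configured):
    """Entries that are never chosen because an earlier, broader entry always matches first."""
    domains = parse_domains(configured)
    return [
        d for i, d in enumerate(domains)
        if any(d == earlier or d.endswith("." + earlier) for earlier in domains[:i])
    ]


if __name__ == "__main__":
    # Constructed sample requests against the multiple-domain value from the text
    setting = "example.com;production.example.com"
    for host in ("test4.example.com", "app.production.example.com", "host.example.org"):
        print(host, "->", sso_cookie_domain(setting, host))
    print("never selected:", shadowed_entries(setting))
```

With the value from the text, production.example.com is reported as never selected, so hosts in that subdomain receive a cookie scoped to example.com; listing the narrower domain first gives them the narrower scope.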
To set your SSO domain name, complete the following steps:
- Log in to the WebSphere Application Server Integrated Solutions Console on the Deployment Manager.
- Select Security -> Global security -> Web and SIP security -> Single sign-on (SSO).
- Enter a value for the SSO Domain name.
- Click Apply and then click Save.
- Perform a full synchronization of all the nodes.
What to do next
Ensure that you have enabled Interoperability Mode and Use available authentication data when an unprotected URI is accessed.
For more information, see Setting up federated repositories.