Single sign-on (SSO) authenticates users by prompting them for a user name and password a single time. Enabling platform single sign-on gives users secure access to the platform keystore without displaying additional authentication prompts.
To enable platform single sign-on, perform the following step:
In the plugin_customization.ini file in the install_dir
/rcp directory, set the values for the following preferences to true
- com.ibm.rcp.security.auth.ui/ssoAllowed – Boolean value. Determines whether or not users have the option of using single sign-on. You can set this preference value during the client installation or later using a managed setting.
- com.ibm.rcp.security.auth.ui/ssoEnable – Boolean value. Determines whether or not users have the option of turning single sign-on on or off. If set to true, single sign-on is used. If set to false, single sign-on is disabled. The value of this preference is relevant only if ssoAllowed is true.
- The ssoEnabled and ssoAllowed values can only be set before the platform is run. After the platform is run, these options can no longer be changed.
- To assist in managing SSO password lockouts on Windows®, Lotus® Expeditor provides the SSOResetPolicy preference. For more information, see Updating the plugin_customization.ini file.
- In a multi-user environment, platform single sign-on must be configured for each individual user.
- SSO cannot be enabled while switching JVMs."
Parent topic: Managing client configurations: XPD621