Configuring multi-server single sign-on for IBM i
Added by IBM on September 9, 2010 | Version 1 (Original)
With multi-server single sign-on, users can log in to a server once and during that session access servers enabled for single sign-on in the DNS domain without providing names and passwords again.
Keep the following points in mind:
- When Lotus® Quickr™ controls directory services, single-server single sign-on authentication is not supported; however, multi-server single sign-on achieves a similar result.
- URLs issued to servers configured for single sign-on must specify the full DNS server name in the SSO configuration document, not the host name or IP address. For browsers to be able to send cookies to a group of servers, the DNS domain must be included in the cookie, and the DNS domain in the cookie must match the server URL. This is why cookies cannot be used across TCP/IP domains.
- Clustered servers must have the full DNS server name in the host name field of the Web Site or Server document so that the Internet Cluster Manager (ICM) can redirect to cluster members using SSO. If the full DNS server name is not there, ICM by default redirects URLs to clustered Web servers with only the TCP/IP host name, and the cookie cannot be sent because the DNS domain is not included in the URL.
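The cookie rule in the points above can be checked against a list of server URLs before rollout. The following Python sketch is an added example, not IBM or Lotus Quickr code; it applies the RFC 6265 domain-match test, and the server names, DNS domain and function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

def host_of(url):
    """Return the lower-cased host part of a URL (no port, no trailing dot)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_ip(host):
    """True when the host is an IPv4 or IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def sso_cookie_sent(url, cookie_domain):
    """RFC 6265 domain-match: would a browser attach a cookie scoped to
    cookie_domain to a request for url? Returns (sent, reason)."""
    host = host_of(url)
    domain = cookie_domain.strip(".").lower()
    if not host:
        return False, "no host in URL"
    if is_ip(host):
        return False, "IP address: never matches a DNS domain"
    if "." not in host:
        return False, "host name only: no DNS domain in the URL"
    # Suffix match must fall on a label boundary (the leading dot).
    if host == domain or host.endswith("." + domain):
        return True, "full DNS name inside the cookie's DNS domain"
    return False, "different DNS domain"

def audit(urls, cookie_domain):
    """Map each URL to (sent, reason) for the given SSO cookie domain."""
    return {u: sso_cookie_sent(u, cookie_domain) for u in urls}

# Constructed sample input: hypothetical servers in a hypothetical DNS domain.
SSO_DOMAIN = ".example.com"
SAMPLE_URLS = [
    "https://quickr1.example.com/",        # full DNS server name
    "https://quickr2.example.com:8443/",   # second server, same DNS domain
    "https://quickr1/",                    # host name only (ICM default redirect)
    "https://192.0.2.10/",                 # IP address
    "https://quickr1.example.org/",        # other DNS domain
]

if __name__ == "__main__":
    for url, (sent, reason) in audit(SAMPLE_URLS, SSO_DOMAIN).items():
        print(f"{'sent' if sent else 'NOT sent':8}  {url}  ({reason})")
```

Any URL reported as "NOT sent" forces the user to log in again on that server, which is the symptom of a host-name-only or IP-address URL described above.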
Perform the following steps to configure multi-server single sign-on authentication. These steps apply regardless of whether Lotus Quickr or IBM® Lotus Domino® controls directory services.