(V5.5.4 and later) Using SSO token propagation

You can use SSO token propagation with Content Platform Engine to streamline authentication and authorization. With this configuration, security attributes are propagated downstream without additional calls to the user registry.

About this task

SSO token propagation is supported only with WebSphere Liberty or WebSphere Application Servers that are using the Web Services Interface (WSI) transport.

In addition, the CEWS URL must use HTTPS (that is, the SSL/TLS protocol), and the Content Platform Engine SSL certificate must be added to the client keystore as needed so that the client trusts the server.

The following types of SSO tokens are supported for propagating user identity to the Content Platform Engine server:

LTPA - Lightweight Third Party Authentication
WebSphere Application Server's proprietary SSO token mechanism, used to pass a user's identity between WebSphere servers.

OAUTH - Open Authorization 2.0
Open standard for token-based authentication and authorization on the Internet. Typically used to pass a user's identity to back-end applications.

OIDC - OpenID Connect
Open standard based on OAuth 2.0 that allows web applications, also called relying parties (RP), to authenticate users with an external server called the OpenID Connect Provider (OP). The OP typically obtains user information from an identity provider (IdP), which is a store of user credentials and attribute information.

OAUTH and OIDC authentication require similar steps to configure.