Configuring for single sign-on
To launch from Control Desk to TADDM without logging in again, you must configure several components to work together.
Before you begin
About this task
Follow these steps to configure Control Desk and TADDM to enable single sign-on:
Procedure
- Configure the J2EE server to enable the single-sign-on capability.
- Configure your browser to enable the single-sign-on capability.
- Configure the connection between the authentication server and the authentication client.
- Optionally, configure the connection between the authentication server and the authentication client to use the Secure Sockets Layer (SSL) protocol.
What to do next
Note: Single sign-on authentication uses time-sensitive tokens. You must verify that the time, date, and time zone are synchronized among all authentication service and WebSphere servers that are participating in the protected domain. If the clock difference between servers is too large, the single sign-on token can expire prematurely on some servers and cause authentication or validation failures. WebSphere and authentication service-based single sign-on tokens are assigned a lifetime of two hours by default. For best results, servers must be synchronized to within 5 minutes to ensure that single sign-on tokens are evaluated consistently.
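
One way to check the synchronization requirement in the note above, as an added example that is not part of the product documentation. It assumes each server's clock was sampled from the HTTP `Date` header it returned, alongside the probe time on a reference machine. The host names and sample values are constructed.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from itertools import combinations

MAX_SKEW = timedelta(minutes=5)       # tolerance stated in the note above
TOKEN_LIFETIME = timedelta(hours=2)   # default token lifetime stated in the note above

# Constructed samples: (host, UTC time of the probe on the reference machine,
# HTTP Date header that host returned). Host names are hypothetical.
SAMPLES = [
    ("controldesk.example.com", "2024-03-01T10:00:00+00:00", "Fri, 01 Mar 2024 10:00:02 GMT"),
    ("taddm.example.com",       "2024-03-01T10:00:05+00:00", "Fri, 01 Mar 2024 10:09:05 GMT"),
    ("auth.example.com",        "2024-03-01T10:00:10+00:00", "Fri, 01 Mar 2024 09:59:40 GMT"),
]

def clock_offsets(samples):
    """Return {host: server clock minus reference clock} for each sample."""
    offsets = {}
    for host, probed_at, date_header in samples:
        reference = datetime.fromisoformat(probed_at)
        server = parsedate_to_datetime(date_header)
        if server.tzinfo is None:          # "-0000" headers parse as naive UTC
            server = server.replace(tzinfo=timezone.utc)
        offsets[host] = server - reference
    return offsets

def skew_violations(offsets, limit=MAX_SKEW):
    """Return (host_a, host_b, skew) for each pair whose clocks differ by more than limit."""
    return [(a, b, abs(offsets[a] - offsets[b]))
            for a, b in combinations(sorted(offsets), 2)
            if abs(offsets[a] - offsets[b]) > limit]

def lifetime_seen_by(validator, issuer, offsets, lifetime=TOKEN_LIFETIME):
    """Token lifetime as the validator's clock measures it; shorter when the validator runs ahead."""
    return lifetime - (offsets[validator] - offsets[issuer])

if __name__ == "__main__":
    offsets = clock_offsets(SAMPLES)
    for a, b, skew in skew_violations(offsets):
        print(f"SKEW {a} <-> {b}: {skew}")
    print("Lifetime seen by taddm for a token issued by auth:",
          lifetime_seen_by("taddm.example.com", "auth.example.com", offsets))
```

The `Date` header has one-second resolution and includes network latency, which is adequate against a 5-minute tolerance; an NTP query gives a more precise offset.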