Single Sign-On Support

Many corporate applications contain their own authentication systems or use a non-Windows authentication scheme, such as IBM’s “RACF” mainframe authentication system. However, developers of front-end Web applications, including Web portals, that access these corporate applications often want to shield users from the need to use and remember multiple user accounts and make it possible for them to sign on once (at initial log-on using their Windows credentials) without being prompted again, yet still preserve the user-level authorization performed by the back-end systems.

This concept, known as single sign-on (SSO), is supported by several Microsoft products used in integrating SharePoint Portal Server (SPS) 2003 portals with back-end applications,

SPS 2003. SPS 2003 can map a user’s Active Directory (AD) identity to corresponding security credentials specific to corporate applications and pass these in a secure fashion to the back-end application, as long as the back-end system supports Secure Sockets Layer (SSL) encryption. This feature can work hand-in-hand with SPS 2003’s personalization feature, so the user will only see an interface for back-end applications and data he is authorized to use.