Single Sign-On (SSO) with OZP

[Chuck Hinson]

Has anyone done Single Sign On (SSO) with OZP (with PKI certs)?

We'd like to eliminate the need to have a separate login for certain hosted apps/widgets - once you've logged in to OZP, you shouldnt be asked to to log in again by apps/widgets that support SSO.

(I'm aware that this would require a certain amount of cooperation from the hosted apps/widgets that want to participate in SSO; I'm assuming that both OZP and the SSO-enabled widgets/apps share the same credentials - e.g., same LDAP store.)

--Chuck

[OZP Dev]

OZP typically has no control over the apps authentication and there would need to be cooperation and specific configuration on both the OZP deployment and the SSO-enabled widgets/apps.

OZP has the ability to authenticate users with PKI certificates. With proper browser and network configuration each app would do its own authentication but be seamless as SSO for the user. However, some browser and network configurations may cause users to select a PKI certificate for each app that is on the webtop or opened in a new browser.

[chris.b...@gmail.com]

We have used OpenAM to do SSO with PKI and userId/pwd - and for both the Atlassian suite of dev tools as well as with OWF and OWF widgets.  We have not done it with OZP, but assuming OZP is using the same Spring Security it should be pretty easy to do the same with that.

You can email me directly and I can put you in touch with the developers who implemented it if you are interested in more detail.

  

On Tuesday, December 1, 2015 at 4:03:04 PM UTC-5, Chuck Hinson wrote: