Single Sign-on Using NamedCredential

With expanded single sign-on support, Unwired Platform allows tokens generated by any system to be used for single sign-on. Administrators configure the Web service connection properties with the name of the credential that contains the token and the way it is propagated to the Web service.

Any login module can add a NamedCredential to the authenticated subject. A NamedCredential is a credential that has a name associated with it and can contain any value. Typically, a credential is used to store a value that can be used to authenticate the user to a backend server using SSO.

For example, the SAPSSOTokenLoginModule by default adds the MYSAPSSO2 token as the credential with the name "MYSAPSSO2". Upon successfully authenticating the user, the HttpAuthenticationLoginModule, when configured to look for a cookie, by default adds that cookie as the single sign-on credential, with the credential name set to the cookie name.

To use the NamedCredential added by a login module for single sign-on to the EIS, the administrator must set properties in the EIS connection definition that identify the NamedCredential and how it is propagated to the EIS, in the following format:

credential.<X>.name=credential name
credential.<X>.mapping=credential mapping to header/cookie

where X is any unique ID that binds the name and the mapping for a specific credential. Multiple such bindings can be configured so that any or all of the available credentials can be passed to the backend using the specified mechanism.

SiteMinderSSOTokenCredential Example

The following example takes a sample SiteMinder token from the credential named SiteMinderSSOTokenCredential and sets it as the SMSESSIONID cookie on the connection to the backend server.

credential.1.name=SiteMinderSSOTokenCredential
credential.1.mapping=cookie:SMSESSIONID

SAPSSOTokenCredential Example

The following example sets the MYSAPSSO2 HTTP header on the connection to the backend server, using the value from the SAPSSOTokenCredential.

credential.myindex.name=SAPSSOTokenCredential
credential.myindex.mapping=header:MYSAPSSO2
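
A review check for the binding format described above, added here as an example and not Unwired Platform code: it pairs each credential.<X>.name with its credential.<X>.mapping, reports bindings that are incomplete or malformed, and shows which headers the valid bindings would produce. The function names, the OrphanCredential and OtherCredential entries, the query:token mapping, and the restriction to header: and cookie: mappings are assumptions made for the illustration.

```python
import re

# Key format from the page: credential.<X>.name / credential.<X>.mapping
KEY_RE = re.compile(r"^credential\.([^.]+)\.(name|mapping)$")
# Assumption: only the two mapping kinds shown on the page are accepted.
MAPPING_RE = re.compile(r"^(header|cookie):([A-Za-z0-9_-]+)$")

# Constructed sample: binding 2 has no mapping, binding 3 has a bad mapping.
SAMPLE = """\
credential.1.name=SiteMinderSSOTokenCredential
credential.1.mapping=cookie:SMSESSIONID
credential.myindex.name=SAPSSOTokenCredential
credential.myindex.mapping=header:MYSAPSSO2
credential.2.name=OrphanCredential
credential.3.name=OtherCredential
credential.3.mapping=query:token
"""

def parse_bindings(props_text):
    """Return ({X: (credential name, kind, target)}, [error strings])."""
    raw, errors, bindings = {}, [], {}
    for line in props_text.splitlines():
        key, sep, value = line.strip().partition("=")
        m = KEY_RE.match(key.strip())
        if sep and m:  # ignore other connection properties
            raw.setdefault(m.group(1), {})[m.group(2)] = value.strip()
    for idx, fields in raw.items():
        m = MAPPING_RE.match(fields.get("mapping", ""))
        if not fields.get("name") or not m:
            errors.append(f"credential.{idx}: incomplete or invalid binding")
        else:
            bindings[idx] = (fields["name"], m.group(1), m.group(2))
    return bindings, errors

def outbound_headers(bindings, subject_credentials):
    """Headers for the backend request, from credentials on the subject."""
    headers, cookies = {}, []
    for name, kind, target in bindings.values():
        value = subject_credentials.get(name)
        if value is None or "\r" in value or "\n" in value:
            continue  # absent, or unsafe to place in a header line
        if kind == "header":
            headers[target] = value
        else:
            cookies.append(f"{target}={value}")
    if cookies:
        headers["Cookie"] = "; ".join(cookies)
    return headers
```

Running parse_bindings over an exported connection definition before deployment shows which credentials will actually reach the backend and which bindings are silently unusable.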