Stacking Providers for DCN SSO Authentication

(Applies only to DCN events) Stack DCN providers with SSO providers to authenticate the SUP DCN User logical role with the SSO mechanisms. The users must be authenicated before they can be authorized.

The providers you use for SSO can vary.
  1. For HttpAuthenticationLoginModule SSOimplementations, the CertificateAuthenticationLoginModule must be first in the list with the controlFlag set to "sufficient". If authentication succeeds, no other modules are used unless their controlFlags are set to "required".
  2. For CertificateAuthenticationLoginModule implementations, , stack the chose DCN provider after the CertificateAuthenticationLoginModule and:
    1. Set the CertificateAuthenticationLoginModule's controlFlag to "sufficient", and order it first in the stack. This sequence allows normal device users to authenticate quickly.
    2. Choose any other user name and password-based login module to stack with its controlFlag set to either "optional" or "sufficient".
Parent topic: Stacking LoginModules in SSO Configurations
Previous topic: Retrieving Roles for Subjects Authenticating to Single Sign-on Enabled Login Modules