Single Sign-on Using NamedCredential

In expanded single sign-on support, Sybase Unwired Platform allows the tokens generated by any system to be used for single sign-on (SSO). Administrators can configure the Web service connection properties with the name of the credential containing the token and how to propagate it to the Web service.

Any login module can add a NamedCredential to the authenticated subject. A NamedCredential is a credential that has a name associated with it and can contain any value. Typically, a credential is used to store a value that can be used to authenticate the user to a backend server using SSO.

When it is configured to look for a cookie, the HttpAuthenticationLoginModule adds that cookie by default.

To use a NamedCredential added by a login module for single sign-on into the EIS, the administrator must set properties in the EIS connection definition that identify the NamedCredential and how it is propagated to the EIS, in the following format:

credential.<X>.name=credential name
credential.<X>.mapping=credential mapping to header/cookie

where X is any unique ID that binds the name and the mapping for a specific credential. Multiple such bindings can be configured so that any or all of the available credentials can be passed to the backend using the specified mechanism.

SiteMinderSSOTokenCredential Example

The following example takes a sample SiteMinder token from the credential named SiteMinderSSOTokenCredential and sets it in the connection to the backend server as an SMSESSIONID cookie.

credential.1.name=SiteMinderSSOTokenCredential
credential.1.mapping=cookie:SMSESSIONID
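
A binding with only one of its two properties, or with a malformed mapping, cannot carry the token to the backend, so it is worth checking the connection properties before deployment. The following checker is an added example, not Sybase code: it pairs the name and mapping lines by their ID and reports incomplete bindings. The function name parse_bindings, the header: mapping prefix (assumed by analogy with the cookie: prefix shown above) and sample bindings 2 and 3 are assumptions.

```python
import re

# Key shape taken from the page: credential.<X>.name / credential.<X>.mapping
KEY_RE = re.compile(r"^credential\.([^.\s]+)\.(name|mapping)$")
# "cookie:" is shown on the page; "header:" is assumed to follow the same form.
MAPPING_KINDS = ("cookie", "header")

def parse_bindings(text):
    """Return (bindings, problems) for the credential.* lines in `text`."""
    raw, problems = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        match = KEY_RE.match(key)
        if not match:
            continue  # some other connection property, not a credential binding
        binding_id, field = match.groups()
        fields = raw.setdefault(binding_id, {})
        if field in fields:
            problems.append(f"{binding_id}: duplicate {field}")
        fields[field] = value

    bindings = {}
    for binding_id, fields in raw.items():
        # Both halves must be present for the ID to bind a name to a mapping.
        missing = [f for f in ("name", "mapping") if not fields.get(f)]
        if missing:
            problems.append(f"{binding_id}: missing {', '.join(missing)}")
            continue
        kind, sep, target = fields["mapping"].partition(":")
        if not sep or kind not in MAPPING_KINDS or not target:
            problems.append(f"{binding_id}: bad mapping {fields['mapping']!r}")
            continue
        bindings[binding_id] = (fields["name"], kind, target)
    return bindings, problems

# Constructed sample: binding 1 is the page's example, 2 and 3 are made up.
SAMPLE = """\
credential.1.name=SiteMinderSSOTokenCredential
credential.1.mapping=cookie:SMSESSIONID
credential.2.name=PortalTokenCredential
credential.2.mapping=header:X-SSO-Token
credential.3.name=OrphanCredential
"""

if __name__ == "__main__":
    print(parse_bindings(SAMPLE))
```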