Trusted sign-on

You can configure Service Manager clients to log on automatically with the same authentication information that users entered when they logged on to their client workstation's operating system. When you enable trusted sign-on, users bypass the Service Manager logon screen and enter the application directly.

In a trusted sign-on scenario, the Service Manager server grants access to clients only if the following conditions are met:

  • The user's logon credentials match an existing operator record in Service Manager or a valid LDAP source that Service Manager recognizes.
  • A trusted authentication authority, such as the operating system, confirms that the user's logon credentials are valid.
  • The client (Service Manager Web Tier or Windows) presents a signed SSL certificate.

The following figure depicts the connection process between a Web server, a Web application server, and the Service Manager application server:

  • The Web server receives the user information from the client via the browser, and passes the user name and domain name to the Web application server.
  • The Web application server (such as Tomcat, WebSphere®, or WebLogic Server®) acts as a client, and communicates with the Service Manager application server.
  • The Service Manager application server also checks whether the user was authenticated by a valid domain. Local machine authentication is not accepted; the Service Manager server rejects any such request.
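
The acceptance conditions and the domain check described above can be modeled as a single decision function. This is an added example, not code from the original page or from Service Manager; every function name, parameter, and sample value is hypothetical, and the operator set stands in for the operator table or LDAP source.

```python
import re

# Added illustration only; names and sample values are hypothetical.
# Two common logon-name forms: DOMAIN\user and user@domain.
_DOWN_LEVEL = re.compile(r"^(?P<authority>[^\\/@]+)\\(?P<user>[^\\/@]+)$")
_UPN = re.compile(r"^(?P<user>[^\\/@]+)@(?P<authority>[^\\/@]+)$")


def split_identity(remote_user):
    """Return (authority, user), or None when no authenticating authority is named."""
    value = remote_user.strip()
    m = _DOWN_LEVEL.match(value) or _UPN.match(value)
    if not m:
        return None
    return m.group("authority").lower(), m.group("user")


def trusted_signon_decision(remote_user, client_cert_verified, operators,
                            trusted_domains, local_hostname):
    """Apply the page's conditions; return (allowed, reason)."""
    # The client must have presented a signed certificate that verified.
    if not client_cert_verified:
        return False, "no verified client certificate"
    identity = split_identity(remote_user or "")
    if identity is None:
        return False, "no authenticating domain in identity"
    authority, user = identity
    # Local machine authentication is rejected outright.
    if authority in {local_hostname.lower(), ".", "localhost"}:
        return False, "local machine authentication"
    if authority not in {d.lower() for d in trusted_domains}:
        return False, "domain not trusted"
    # Exact-match lookup; adjust to your directory's case rules.
    if user not in operators:
        return False, "no matching operator record"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample identities, not taken from any real system.
    for name in ("CORP\\jsmith", "WS-0142\\jsmith", "jsmith"):
        print(name, trusted_signon_decision(
            name, True, {"jsmith"}, {"CORP"}, "WS-0142"))
```

The checks fail closed: an identity with no domain part is rejected rather than treated as belonging to a default domain.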

Related topics

Example: Enabling trusted sign-on
Example: Generating a client certificate with OpenSSL
Example: Generating a server certificate with OpenSSL
Example: Viewing the contents of a cacerts file
Secure Sockets Layer (SSL) encryption and server certificates

Add a client certificate to the web tier
Add a client certificate to the Windows client

Requirements for required SSL encryption
Requirements for required SSL encryption and client authentication
Requirements for required SSL encryption and trusted clients
Troubleshooting: No trusted certificate found in the Windows client