LW-SSO Authentication Overview

LW-SSO is a method of access control that enables a user to log on once and gain access to the resources of multiple software systems without being prompted to log on again. The applications inside the configured group of software systems trust the authentication, and there is no need for further authentication when moving from one application to another.

The information in this section applies to LW-SSO versions 2.2 and 2.3.

  • LW-SSO Token Expiration

    The LW-SSO token's expiration value determines the application's session validity. Therefore, the token expiration value should be at least as long as the application's session expiration value.

  • Recommended Configuration of the LW-SSO Token Expiration

    Each application using LW-SSO should configure token expiration. The recommended value is 60 minutes. For an application that does not require a high level of security, it is possible to configure a value of 300 minutes.

  • GMT Time

    All applications participating in an LW-SSO integration must be set to the same GMT time, with a maximum difference of 15 minutes between them.

  • Multi-domain Functionality

    Multi-domain functionality requires that all applications participating in an LW-SSO integration configure the trustedHosts settings (or the protectedDomains settings) if they are required to integrate with applications in different DNS domains. They must also add the correct domain in the lwsso element of the configuration.

  • Get SecurityToken for URL Functionality

    To receive information sent as a SecurityToken for URL from other applications, the host application should configure the correct domain in the lwsso element of the configuration.
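
The rules above can be checked across all participating applications before enabling the integration. The following audit script is an added example, not part of the LW-SSO product or its documentation. The inventory and its field names are constructed and hypothetical, "correct domain" is assumed to mean the domain the application's host name belongs to, and a token value above 60 minutes (300 for low-security applications) is treated as a finding.

```python
from itertools import combinations

RECOMMENDED_MIN, LOW_SECURITY_MIN, MAX_SKEW_SEC = 60, 300, 15 * 60  # values from the text

# Constructed inventory. Field names are hypothetical, not LW-SSO configuration keys.
# utc_offset_sec: measured difference between the host clock and a reference UTC clock.
# trusted_domains: domains listed in the app's trustedHosts / protectedDomains settings.
APPS = [
    {"name": "portal", "host": "portal.corp.example", "lwsso_domain": "corp.example",
     "token_min": 60, "session_min": 30, "low_security": False,
     "utc_offset_sec": 20, "trusted_domains": ["lab.example"]},
    {"name": "reports", "host": "reports.lab.example", "lwsso_domain": "lab.example",
     "token_min": 240, "session_min": 300, "low_security": True,
     "utc_offset_sec": -40, "trusted_domains": []},
    {"name": "legacy", "host": "legacy.corp.example", "lwsso_domain": "corp.example",
     "token_min": 120, "session_min": 60, "low_security": False,
     "utc_offset_sec": 1000, "trusted_domains": ["lab.example"]},
]

def audit(apps):
    """Return (subject, finding) tuples for every rule from the text that is violated."""
    findings = []
    domains = {a["lwsso_domain"] for a in apps}
    for a in apps:
        limit = LOW_SECURITY_MIN if a["low_security"] else RECOMMENDED_MIN
        # The token must live at least as long as the application session.
        if a["token_min"] < a["session_min"]:
            findings.append((a["name"], "token-shorter-than-session"))
        if a["token_min"] > limit:
            findings.append((a["name"], "token-above-limit"))
        # Assumption: the "correct" domain is the one the app's host name belongs to.
        if not a["host"].endswith("." + a["lwsso_domain"]):
            findings.append((a["name"], "lwsso-domain-mismatch"))
        # Multi-domain: every other participating domain must be trusted.
        missing = domains - {a["lwsso_domain"]} - set(a["trusted_domains"])
        if missing:
            findings.append((a["name"], "missing-trust:" + ",".join(sorted(missing))))
    # Clock rule: no two participants may differ by more than 15 minutes.
    for a, b in combinations(apps, 2):
        if abs(a["utc_offset_sec"] - b["utc_offset_sec"]) > MAX_SKEW_SEC:
            findings.append((a["name"] + "/" + b["name"], "clock-skew"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(APPS):
        print(f"{subject}: {finding}")
```

The clock check is pairwise because two hosts can each be within 15 minutes of a reference clock and still differ from each other by more than 15 minutes.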