LW-SSO Security Warnings
This section describes security warnings that are relevant to the LW-SSO configuration:
- Confidential initString parameter in LW-SSO. LW-SSO uses symmetric encryption to validate and create an LW-SSO token. The initString parameter within the configuration is used for initialization of the secret key. An application creates a token, and each application using the same initString parameter validates the token.
  Caution:
  - It is not possible to use LW-SSO without setting the initString parameter.
  - The initString parameter is confidential information and should be treated as such in terms of publishing, transporting, and persistence.
  - The initString parameter should be shared only between applications integrating with each other using LW-SSO.
  - The initString parameter should have a minimum length of 12 characters.
- Enable LW-SSO only if required. LW-SSO should be disabled unless it is specifically required.
- Level of authentication security. The application that uses the weakest authentication framework and issues an LW-SSO token that is trusted by other integrated applications determines the level of authentication security for all the applications.
  It is recommended that only applications using strong and secure authentication frameworks issue an LW-SSO token.
- Symmetric encryption implications. LW-SSO uses symmetric cryptography for issuing and validating LW-SSO tokens. Therefore, any application using LW-SSO can issue a token to be trusted by all other applications sharing the same initString parameter. This potential risk is relevant when an application sharing an initString either resides on, or is accessible from, an untrustworthy location.
- User mapping (Synchronization). The LW-SSO framework does not ensure user mapping between the integrated applications. Therefore, the integrated application must monitor user mapping. We recommend that you share the same user registry (such as LDAP/AD) among all integrated applications.
  Failure to map users may cause security breaches and negative application behavior. For example, the same user name may be assigned to different real users in the various applications.
  In addition, in cases where a user logs on to an application (AppA) and then accesses a second application (AppB) that uses container or application authentication, the failure to map the user will force the user to manually log on to AppB and enter a user name. If the user enters a different user name than was used to log on to AppA, the following behavior can arise: If the user subsequently accesses a third application (AppC) from AppA or AppB, then they will access it using the user names that were used to log on to AppA or AppB respectively.
- Identity Manager. Identity Manager is used for authentication purposes. All unprotected resources in the Identity Manager must be configured with the nonsecureURLs setting in the LW-SSO configuration file.
- LW-SSO Demo mode.
  - The Demo mode should be used for demonstrative purposes only.
  - The Demo mode should be used in unsecured networks only.
  - The Demo mode must not be used in production. Any combination of the Demo mode with the production mode should not be used.
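One way to turn the warnings above into a repeatable deployment check, as an added example that is not part of the product documentation or the LW-SSO code. The inventory layout, field names and sample values are constructed assumptions; the script does not read the LW-SSO configuration file.

```python
import hashlib
from collections import defaultdict

MIN_INITSTRING_LEN = 12  # minimum length given in the Caution list

# Constructed inventory; the record layout is hypothetical, not an LW-SSO format.
APPS = [
    {"name": "AppA", "integration": "itsm", "lwsso": True, "needs_sso": True,
     "init_string": "constructed-Secret-01", "issues_tokens": True,
     "strong_auth": True, "demo_mode": False, "production": True},
    {"name": "AppB", "integration": "itsm", "lwsso": True, "needs_sso": True,
     "init_string": "constructed-Secret-01", "issues_tokens": True,
     "strong_auth": False, "demo_mode": False, "production": True},
    {"name": "AppC", "integration": "reporting", "lwsso": True, "needs_sso": True,
     "init_string": "constructed-Secret-01", "issues_tokens": False,
     "strong_auth": True, "demo_mode": True, "production": True},
    {"name": "AppD", "integration": "lab", "lwsso": True, "needs_sso": False,
     "init_string": "short", "issues_tokens": False,
     "strong_auth": True, "demo_mode": False, "production": False},
]

def audit(apps):
    """Return sorted (subject, finding) pairs for the warnings listed above."""
    findings = []
    integrations_by_secret = defaultdict(set)
    for app in (a for a in apps if a["lwsso"]):
        name, secret = app["name"], app.get("init_string") or ""
        if not app["needs_sso"]:
            findings.append((name, "LW-SSO enabled but not required"))
        if not secret:
            findings.append((name, "initString not set"))
        else:
            if len(secret) < MIN_INITSTRING_LEN:
                findings.append((name, "initString shorter than 12 characters"))
            # Compare fingerprints so the secret itself never reaches a report.
            digest = hashlib.sha256(secret.encode()).hexdigest()
            integrations_by_secret[digest].add(app["integration"])
        if app["issues_tokens"] and not app["strong_auth"]:
            findings.append((name, "issues tokens with weak authentication"))
        if app["demo_mode"] and app["production"]:
            findings.append((name, "Demo mode in production"))
    for integrations in integrations_by_secret.values():
        if len(integrations) > 1:  # same key material trusted by separate groups
            findings.append(("+".join(sorted(integrations)),
                             "initString shared outside one integration"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{who}: {what}" for who, what in audit(APPS)))
```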