Version 4.0 of RBPM includes an enhanced SSO architecture that provides an easy way to integrate single sign-on functionality into the User Application. This new architecture works with a variety of system environments and is very secure.
The 4.0 architecture for single sign-on consists of the following key components:
Each SSO Provider handles a specific SSO user scenario. The SSO Provider recognizes the login identity, then transfers the information to the SSO Controller. The SSO Controller then verifies the information and converts the login identity to an eDirectory identity. Next, it issues a SAML authentication token and passes it to the login module to finish the login process.
The SSO Providers and the SSO Controller are loosely coupled. They communicate through an HTTP header that is digitally signed.
The Roles Based Provisioning Module ships with Kerberos and SAP SSO Providers. However, you can also implement your own custom SSO Provider to suit the requirements of your organization.
For complete details on SSO configuration, see Section 5.1.6, Single Sign-On (SSO) Configuration.