Enhancing the IDM Portal with Single Sign-On
Novell Cool Solutions: Tip
By Erich Vogel
Posted: 14 Jun 2006
A customer who implemented the Novell IDM 3 product suite wanted to provide the UserApplication in the existing employee portal, based on SAP EP 6.0. Currently, the portal single sign-on capability cannot be used. The customer requires single sign-on for all portal applications, and therefore the Novell UA as well.
The customer does not allow the implementation of new software modules, e.g., NAM (Novell Access Manager) for authentication purposes. (The reasons are complexity, additional products to operate, training, etc.)
Only the user ID is present in the portal when the user signs on. The password is not stored in the URL, so we cannot use HTML methods to detect the user password. Therefore we implemented an algorithm that uses a one-way function to derive a per-user password from user attributes; the Novell IDM 3 Metaengine sets this derived password on the user. The same function is used to recalculate the user password when the server-side application is called.
The following approach was discussed and agreed with the customer. It basically works for all application servers, as it is based on common Java web technologies (for example J2EE and Servlet/JSP containers).
1) Computacenter implemented a server-side application, which detects the user credentials used by the Novell UserApplication login portlet.
2) The user is presented a link to this application in place of the UserApplication login site.
3) Whenever the link is used, the application determines the user credentials and performs the sign-on in the server context (without a human-readable URL). The sign-on is transparent to the user; the application then uses the "real" link to the UA self-service page in the portal.
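As an added illustration (not the customer's or Computacenter's code), the derivation step could look like this. It is written in Python rather than Java because the logic is identical on the Metaengine side and the servlet side: a keyed one-way function (HMAC-SHA256, an assumption; the tip does not name the function) over canonicalised user attributes, recomputed by the SSO application at sign-on. The secret key, the attribute names and the in-memory "directory" are constructed for the example.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the attributes the Metaengine reads from the user
# object (assumption: the tip only says "user attributes").
SAMPLE_USER = {"cn": "jdoe", "workforceID": "100042", "mail": "jdoe@example.com"}

# Assumption: a secret known only to the Metaengine policy and the SSO
# application. Keying the one-way function means that knowing a user's
# attributes alone is not enough to reproduce the password.
DERIVATION_SECRET = b"example-only-secret-rotate-me"


def canonical_input(user_id, attrs):
    """Serialise attributes in a fixed order so both sides hash the same bytes."""
    parts = [user_id] + [f"{k}={attrs[k]}" for k in sorted(attrs)]
    return "\x1f".join(parts).encode("utf-8")


def derive_password(user_id, attrs, secret=DERIVATION_SECRET, length=24):
    """Keyed one-way derivation of the per-user password (HMAC-SHA256)."""
    digest = hmac.new(secret, canonical_input(user_id, attrs), hashlib.sha256).digest()
    # URL-safe base64 gives letters, digits, '-' and '_', which most password
    # policies accept without further character mapping.
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")[:length]


# Metaengine side: set the derived password on the user object.
def provision_password(directory, user_id, attrs):
    directory[user_id] = derive_password(user_id, attrs)
    return directory[user_id]


# UserApplication login (simulated directory bind).
def ua_login(directory, user_id, password):
    stored = directory.get(user_id)
    return stored is not None and hmac.compare_digest(stored, password)


# SSO application side: recompute the password from the portal user ID and
# attributes, then sign on in the server context.
def sso_credentials(directory, user_id, attrs):
    """Return (user_id, password) if the recomputed password binds, else None."""
    candidate = derive_password(user_id, attrs)
    if not ua_login(directory, user_id, candidate):
        return None  # attributes changed or secret rotated: re-provision first
    return (user_id, candidate)
```

Because the password is a deterministic function of attributes and secret, any change to either must trigger re-provisioning through the Metaengine, or the sign-on fails.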
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com