NonStop Servlets for JSP System Administrator's Guide
Configuring NSJSP
NonStop Servlets for JavaServer Pages (NSJSP) System Administrator’s Guide—525644-001
3-32
Configuring Single Sign-On Support
To use either of the above techniques, you must update your OSS profile to include the
following in the JAVA CLASSPATH:
iTPWS_INSTALL_DIR/servlet_jsp/server/lib/catalina.jar
This makes the RealmBase class available to you.
Configuring Single Sign-On Support
NSJSP enables users to authenticate themselves just once across the entire set of
web applications associated with a virtual host. To successfully configure NSJSP for
single sign-on support, the following requirements must be taken into account:
•
All clients that intend to utilize single sign-on support must provide support for
cookies, which are used to maintain the user identity across web applications.
•
As implemented in the NSJSP container, the scope of single sign-on support is the
entire set of web applications registered with a single virtual host.
The system administrator must configure the iTPWS_INSTALL_DIR
/servlet_jsp/conf/iTP_server.xml file as follows to enable single sign-on
support:
1. At the <Engine> or <Host> level, configure a <Realm> element that defines the
database of valid users and their corresponding roles. In the default configuration
shipped with NSJSP, this is done at the <Engine> level.
You must not configure a <Realm> element inside one of the <Context>
elements describing the web applications associated with this virtual host.
2. Nested inside the <Host> element, include the element as shown in
Example 3-26:
3. For each web application that you need to operate under the single sign-on
support environment, define appropriate <security-constraint> and
<login-config> elements in its web.xml. The <security-constraint>
elements identify portions of the application's URI space that are required for user
authentication, and the <login-config> element is used if this application is the
first one accessed by the user that requires the user to log in.
There are no restrictions on different web applications utilizing different
authentication methods.
Example 3-26. Configuring Single Sign-On Support
<Host name="localhost" ...>
...
<Valve className="org.apache.catalina.authenticator.SingleSignOn"
debug="0"/>
...
</Host>