Implementing single sign-on

The application can use attributes of the CODEBASE-LOCATOR handle to implement single sign-on, which eliminates the need for the end user to enter the same user ID or password multiple times. Single sign-on is illustrated by the following scenarios:

WebClient prompts the end user for authentication information and stores the end user's responses in the security cache. Then, the application accesses the cached authentication information, using the CODEBASE-LOCATOR attributes to connect to the AppServer if both the codebase and the business logic reside on the same server.

The application deployer checks the Share Authentication Cache of Configuration File Locator toggle box on the Application Assembler's Codebase Locator Definition dialog. After the end user enters values for URL-USERID and URL-PASSWORD to download the configuration file, WebClient makes these values (or those that already reside in the persistent cache) available through the CODEBASE-LOCATOR attributes. These can be used to connect to the AppServer through AIA if the same Web server hosts AIA and the configuration file.

If the application requests authentication information before WebClient does, the application might set some or all of the security-cache attributes, which WebClient could then pick up. This might happen if WebClient starts the application, finds that nothing has changed since the last time it ran, and so does not download any components or updates. Then, the application starts, connects to a server, discovers it is the first to connect, and populates these attributes.

If the application sets any of these attributes, the next time WebClient needs to connect to a server, WebClient uses these cached values, rather than prompting the end user again. For more information on these attributes, see the Using the CODEBASE-LOCATOR handle and its attributes.