Single sign-on (SSO) is a property of access control of multiple related systems. SSO validates a user identity that might have been authenticated at another location, but within the same security domain.
One of the primary Web application best practices is for the Web server (that is, the Java container) to handle authentication and authorization of the Web application resources. For this purpose, the Spring Security framework was added to the REST Web application build. For more information, see REST Management Agent and REST Web Application Security Configurations. However, while this is the right way for Web application security to operate, it does not satisfy the ABL AppServer service's requirement to know who the current logged-in user is and what the user's login session-id is. The lack of user login session coordination between the Web application and the AppServer encourages ABL developers to bypass Web application security and attempt to handle application security on the AppServer end, as if the Web application were just another on-premise ABL client.
REST Web applications address this issue by enabling SSO. In this case, the REST Web application represents the AppServer client, which has successfully authenticated to an external source (that is, the Web server) and is identified by the AppServer using the same identity. In this way, you can employ strong Web server security and operate with the same user identity and login session.