This procedure applies to HTTP listener, IIOP listener, and JMX Connector security properties.
When this option is selected, you must select SSL3 or TLS to specify which type of security is enabled, and you must enter a certificate nickname.
The keystore alias is a single value that identifies an existing server key pair and certificate. The certificate nickname for the default keystore is s1as.
To find the Certificate Nickname, use keytool, as shown in the following example:keytool -list -v -keystore keystore.jks.
If the name has changed in the keystore file, then use that name instead of keystore.jks.
To find the Certificate Nickname, use the certutil utility.
For information on ciphers, see About Ciphers in Sun Java System Application Server 9.1 Administration Guide.
Single sign-on enables multiple applications to share user sign-on information, rather than requiring each application to have separate user sign-on. Applications using single sign-on authenticate the user one time, and the authentication information is propagated to all other involved applications.
Single sign-on applies to Web applications configured for the same realm and virtual server.
Note - Single sign-on uses an HTTP cookie to transmit a token that associates each request with the saved user identity, so it can be used only when the browser client supports cookies.
Single sign-on operates according to the following rules:
When a user accesses a protected resource in a Web application, the server requires the user to authenticate himself or herself, using the method defined for that Web application.
Once authenticated, the Application Server uses the roles associated with the user for authorization decisions across all Web applications on the virtual server, without challenging the user to authenticate to each application individually.
When the user logs out of one Web application (explicitly, or because of session expiration), the user’s sessions in all Web applications become invalid. Thereafter, the user is required to log in to access a protected resource in any application.