Show Table of Contents
Chapter 14. Single Sign On (SSO)
14.1. About Single Sign On (SSO) for Web Applications
Overview
Single Sign On (SSO) allows authentication to one resource to implicitly authorize access to other resources.
Clustered and Non-Clustered SSO
Non-clustered SSO limits the sharing of authorization information to applications on the same virtual host. In addition, there is no resiliency in the event of a host failure. Clustered SSO data can be shared between applications in multiple virtual hosts, and is resilient to failover. In addition, clustered SSO is able to receive requests from a load balancer.
How SSO Works
If a resource is unprotected, a user is not challenged to authenticate at all. If a user accesses a protected resource, the user is required to authenticate.
Upon successful authentication, the roles associated with the user are stored and used for authorization of all other associated resources.
If the user logs out of an application, or an application invalidates the session programmatically, all persisted authorization data is removed, and the process starts over.
A session timeout does not invalidate the SSO session if other sessions are still valid.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.