Red Hat Training

A Red Hat training course is available for Red Hat JBoss Enterprise Application Platform

Chapter 19. Single Sign On (SSO)

19.1. About Single Sign On (SSO) for Web Applications


Single Sign On (SSO) allows authentication to one resource to implicitly allow access to other resources.

Clustered and Non-Clustered SSO

Non-clustered SSO limits the sharing of access information to applications on the same virtual host. In addition, there is no resiliency in the event of a host failure. Clustered SSO data can be shared between applications in multiple hosts, and is resilient to failover. In addition, clustered SSO is able to receive requests from a load balancer.

How SSO Works

If a resource is unprotected, a user is not challenged to authenticate at all. If a user accesses a protected resource, the user is required to authenticate.

Upon successful authentication, the roles associated with the user are stored and used for authentication of all other associated resources.
If the user logs out of an application, or an application invalidates the session programmatically, all persisted authentication data is removed, and the process starts over.
A session timeout does not invalidate the SSO session if other sessions are still valid.