Sun OpenSSO Enterprise 8.0 Administration Guide

Initiating User Authentication with the Login URL

To initiate the authentication process defined for a particular user, append the user=Universal-ID parameter to the base login URL as in:


Additionally, you can append the realm=realm-name parameter to the base login URL as in:


If there is no defined realm parameter, the realm will be determined from the server host and domain specified in the login URL.

Tip –

The User Alias List attribute in the User profile is where the disparate Universal IDs defined for one user are mapped. On receiving a request for user authentication, the Authentication Service first verifies that the Universal ID passed with the login URL maps to a valid user. It then retrieves the specified Authentication Configuration data from the user's profile. In the case, for example, where there is more than one module in the authentication chain and a different Universal ID is defined for the user, all user profiles must map to the Universal ID specified in the URL or the user will be denied a validated SSOToken. An exception would be if one of the Universal IDs belongs to a top level administrator whereby the user mapping validation is not done and the user is given top level administrator rights.