Overview of the Single Sign-On Adapter

The single sign-on adapter service allows end users to use applications, such as a portal server provider or any other web application, to gain authenticated access to various resource servers after signing in once. The resource servers that can be accessed depend on the implementations of the SSO Adapter interface that are available in the system.

Portal Server provides SSO Adapters for the following resource servers: Address Book, Calendar, and Mail. Single Sign-On for the Instant Messaging channel is not achieved through SSO Adapter but through the use of the Sun Java System Portal Server authentication method. For information on this method, see the authMethod property in Instant Messaging Channel . The Address Book, Calendar, and Mail services are available through the products:

• Sun Java System Calendar Server 5.1.1, 6.0, 6 2006Q2

• Sun Java System Sun Java System Messaging Server 5.2, 6.0, 6 2006Q2

Resource servers are typically accessed by an application using a standard application programming interface (API), such as the JavaMail^TM API for accessing a mail server. To create an authenticated connection using the API, the API must be provided the configuration data for the connection. The purpose of the SSO Adapter is to provide this configuration data, and the SSO Adapter service is used to store that data.

The SSO Adapter service defines two levels of data, meta-adapters and adapters. A meta-adapter defines a class of connections that are going to be made available to users. A single meta-adapter is used by many users. It defines data values that are the same for all users that use the meta-adapter including default values and identification of what values can be edited by a user. Therefore, meta-adapters are defined at a global service level.

An adapter builds upon a meta-adapter by providing data values that are specific to an organization, role, or user. An adapter references a meta-adapter, and takes data values from the meta-adapter for those properties that are not editable by the user. When an end user changes the user-editable properties of an adapter, that adapter would then apply only to that one user.

A Sun Java System Sun Java System Portal Server communication channel that uses the SSO Adapter service references either a meta-adapter or an adapter to get data values needed to obtain a connection to a resource server. If the channel references a meta-adapter, and the user saves configuration information, the reference is changed to refer to an adapter instead. The adapter then references the meta-adapter.

All administration for the SSO Adapter is done either through the Portal Server console web application or the psadmin command-line interface. The default deployment URI for Portal Server console is /psconsole. The default location for the psadmin CLI is /opt/SUNWportal/bin for Solaris.