Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Administration Guide

Admin Console Security Tasks for Virtual Servers

Procedure: To configure single sign-on (SSO)

Single sign-on enables multiple applications to share user sign-on information, rather than requiring each application to have separate user sign-on. Applications using single sign-on authenticate the user one time, and the authentication information is propagated to all other involved applications.

Single sign-on applies to Web applications configured for the same realm and virtual server.

Note –

Single sign-on uses an HTTP cookie to transmit a token that associates each request with the saved user identity, so it can be used only when the browser client supports cookies.

Single sign-on operates according to the following rules:

  1. In the Admin Console tree component, expand the Configurations node.

  2. Select the instance to configure:

    • To configure a particular instance, expand the instance’s config node. For example, for the default instance, server, expand the server-config node.

    • To configure the default settings for all instances, expand the default-config node.

  3. Expand the HTTP Service node.

  4. Expand the Virtual Servers node, and select the virtual server to be configured for single sign-on support.

  5. Click Add Property.

    A blank property entry is added to the bottom of the list.

  6. Enter sso-enable in the Name field.

  7. Enter false in the Value field to disable SSO, or enter true to enable it.

    SSO is enabled by default.

  8. Add or change any other single sign-on properties by clicking Add Property and configuring any applicable SSO properties.

    Valid SSO properties for virtual servers are discussed in the following table.

    Property Name  




    Number of seconds after which a user’s single sign-on record becomes eligible for purging, if no client activity is received. Access to any of the applications on the virtual server keeps the single sign-on record active. 

    Default is 300 seconds (5 minutes). A higher value provides longer persistence for users, but consumes more memory on the server. 


    Interval (in seconds) between purges of expired single sign-on records. 

    Default is 60. 

  9. Click Save.

  10. Restart the Application Server if Restart Required displays in the console.
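
Because SSO is enabled by default, a virtual server with no sso-enable property still shares sign-on state. The following added example (not part of the original guide or the product) audits a configuration file for the effective sso-enable setting of each virtual server. The domain.xml element layout and the sample document are assumptions constructed for illustration; only the sso-enable property name and its default come from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout (config / http-service /
# virtual-server / property) is an assumption about domain.xml.
SAMPLE_DOMAIN_XML = """
<domain>
  <configs>
    <config name="server-config">
      <http-service>
        <virtual-server id="server">
          <property name="docroot" value="/constructed/docroot"/>
        </virtual-server>
        <virtual-server id="intranet">
          <property name="sso-enable" value="false"/>
        </virtual-server>
      </http-service>
    </config>
    <config name="default-config">
      <http-service>
        <virtual-server id="server">
          <property name="sso-enable" value="true"/>
        </virtual-server>
      </http-service>
    </config>
  </configs>
</domain>
"""

def audit_sso(domain_xml):
    """Return (config, virtual server, sso_enabled, source) per virtual server."""
    findings = []
    root = ET.fromstring(domain_xml)
    for config in root.iter("config"):
        for vs in config.iter("virtual-server"):
            props = {p.get("name"): p.get("value", "") for p in vs.findall("property")}
            raw = props.get("sso-enable")
            if raw is None:
                # The guide states SSO is enabled by default, so a missing
                # property means enabled, not disabled.
                enabled, source = True, "default"
            else:
                # Case-insensitive matching of "true" is an assumption.
                enabled, source = raw.strip().lower() == "true", "explicit"
            findings.append((config.get("name"), vs.get("id"), enabled, source))
    return findings

if __name__ == "__main__":
    for cfg, vs, enabled, source in audit_sso(SAMPLE_DOMAIN_XML):
        print(f"{cfg}/{vs}: sso {'on' if enabled else 'off'} ({source})")
```

Entries reported as enabled by "default" are the ones to review first, since nobody set them deliberately.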