You can validate single sign-on global login with different applications, and centralized logout for single or two applications.
This section provides the following topics:
You can observe single sign-on global login.
You must meet the following prerequisites:
Agents and Servers must be registered with Access Manager and running
Resources and policies controlling SSO must be defined within Access Manager Application Domains
To observe global sign-on:
You can observe single sign-on global login with different applications and agents that have the same authentication level.
For example, suppose you have:
OSSO Partner at http://host1.example.com:7777/private/index.html protected using mod_osso
Webgate Partner at http://host2.example.com:8888/mydomain/finance/index.html protected using OAM Agent
Within the same browser session, you can access all applications protected by either agent with only a single sign in.
You must meet the following prerequisites:
Agents and Servers must be registered with Access Manager and running
Resources and policies must be defined within Access Manager Application Domains
Both partners must be protected at the same authentication level
Single sign-on must be configured as described in this chapter
To observe global sign-on with mixed agent:
OSSO Agent Protected Application:
From a browser, enter the URL of the OSSO-protected resource
Confirm that the login page appears and sign in using proper credentials.
Confirm that the protected resource is served.
Remain in the same browser session and proceed to Step 2.
Same Browser Session, OAM Agent Protected Application:
In the same browser session as Step 1, enter the URL of the OAM Agent-protected resource.
Confirm that the protected resource is served and that no login page appears.
Log out of the browser session.
Fresh Browser Session, OAM Agent Protected Application:
In a fresh browser session, enter the URL of the OAM-protected resource.
Confirm that the login page appears and sign in using proper credentials.
Confirm that the protected resource is served.
Remain in the same browser session and proceed to Step 5.
Same Browser Session, OSSO Agent Protected Application:
In the same browser session as Step 4, enter the URL of the OSSO Agent-protected resource.
Confirm that the protected resource is served and that no login page appears.
You can observe centralized logout with OAM Agents and with mod_osso.
With OAM Agents, the logout URL redirects to the server and cookies are cleared and invalidated so that a subsequent request cannot locate the cookie.
With mod_osso, each agent destroys its own cookies. The logout URL redirects to the global logout page on the server and each partner sends cookies to the server.
You must meet the following prerequisites:
Agents must be registered and running
Resources must be protected by Access Manager Application Domains
Single sign-on must be configured with authentication and authorization policies and responses in Access Manager Application Domains
To observe centralized logout:
Single Application:
From a browser, enter the URL of the protected resource.
Confirm that the login page appears and sign in using proper credentials.
Confirm that the protected resource is served.
Open a new browser tab or window and access the same resource to confirm that the second attempt does not require another login.
Logout from one tab.
Access the resource again to confirm that a login page appears.
Two Applications:
From a browser, enter the URL of the protected resource.
Confirm that the login page appears and sign in using proper credentials.
In a new tab or window, access another protected application and confirm that the second application does not require another login.
Log out of the first application.
Access the second application and confirm that the login page appears.