Windows Desktop SSO
The Windows Desktop SSO authentication module is a Kerberos-based authentication plug-in module targeted for Windows™ desktop users. It allows a user who has already authenticated to a Kerberos Distribution Center (KDC) to authenticate to OpenSSO Enterprise without re-submitting login credentials (in effect, single sign-on). In order to perform Kerberos-based single sign-on to OpenSSO Enterprise, the user on the client side must support the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) protocol. (In general, any user that supports this protocol should be able to use this module.) The user presents the Kerberos token to OpenSSO Enterprise using SPNEGO and the client sends back a SPNEGO token embedded with a Kerberos token. The module retrieves the Kerberos token, authenticates the user using the Java GSS API and, if successful, returns an SSOToken to the client.
Note –
You must use JDK 1.4 or above to utilize the new features of Kerberos V5 authentication module and Java GSS API to perform Kerberos based SSO in this SPNEGO module.
For information on the Windows Desktop SSO authentication module attributes, see Windows Desktop SSO in Sun OpenSSO Enterprise 8.0 Administration Reference. See Before You Begin for special pre-configuration instructions when using the Windows Desktop SSO authentication module.
- © 2010, Oracle Corporation and/or its affiliates