This information describes ISV considerations for the enablement
of single signon, and how ISVs can create applications and programs that can
participate in a single signon environment.
As an independent software vendor (ISV) you know that many of your customers
are implementing single signon environments to take advantage of the cost
and time benefits that single signon provides. You want to ensure that you
design your application products to participate in single signon environments
so that you can continue to provide the solutions that your customers want
and need.
To enable your applications to participate in an i5/OS™ single signon
environment, you need to perform the following tasks:
- Enable your i5/OS server applications for EIM
- One of the foundations of a single signon environment is Enterprise Identity Mapping.
EIM is a mechanism for mapping or associating a person or entity to the appropriate
user identities in various registries throughout the enterprise. Application
developers for i5/OS use
EIM to build applications that use one user registry for authentication and
another for authorization--without requiring the user to provide another set
of credentials. EIM provides APIs for creating and managing these identity
mapping relationships, as well as APIs that applications use to query this
information. You can write applications that use EIM APIs to perform lookup operations for user identities
within an enterprise.
- Enable your i5/OS server and client applications to use a common authentication mechanism
- While you are free to choose any common authentication mechanism you want
for your application's single signon environment, the i5/OS single signon environment
is based on the network authentication service (Kerberos), which provides an
integrated single signon environment with Windows® 2000 domains.
If you want your applications to participate in the same secure, integrated
single signon environment as i5/OS, you should choose network authentication
service as the authentication mechanism for your applications. The following
are examples of the different authentication methods you can choose for your
applications:
- Network authentication service
- Use the Scenario: Enable single signon
for ISV applications to learn how to use EIM application programming
interfaces (APIs) in conjunction with network authentication service to create
applications that can fully participate in a single signon environment. This
scenario includes some ISV code examples, including pseudocode and snippets
that you can use to help complete your program.
- Digital certificates
- It is possible to develop applications for a single signon environment
that use digital certificates as the authentication method. To insert the
necessary code into your program for authenticating with digital certificates,
you must use the Digital Certificate Management APIs.
- Lightweight Directory Access Protocol (LDAP)
- It is possible to develop applications for a single signon environment
that use the directory server as the authentication method. To insert the
necessary code into your program for authenticating with the directory server,
you must use the Lightweight Directory Access Protocol (LDAP) APIs.
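The EIM lookup described in the first task above, as an added example that is not IBM's code and does not call the real EIM APIs: it models in memory how an identity authenticated in one registry resolves to the identity used for authorization in another. The registry names, users, and the map_identity function are hypothetical, and treating a missing or ambiguous mapping as a denial is a design choice of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data, not a real EIM domain. Each row associates an
   EIM identifier (a person or entity) with a user identity in a registry. */
typedef enum { ASSOC_SOURCE, ASSOC_TARGET } assoc_type;
typedef struct { const char *identifier, *registry, *user; assoc_type type; } assoc;

static const assoc ASSOCS[] = {
    { "John Day", "KRB.EXAMPLE.COM",  "jday",  ASSOC_SOURCE },
    { "John Day", "SYSA.EXAMPLE.COM", "JOHND", ASSOC_TARGET },
    { "Ops Team", "KRB.EXAMPLE.COM",  "ops",   ASSOC_SOURCE },
    { "Ops Team", "SYSA.EXAMPLE.COM", "QOPS1", ASSOC_TARGET },
    { "Ops Team", "SYSA.EXAMPLE.COM", "QOPS2", ASSOC_TARGET },
};
#define N_ASSOCS (sizeof ASSOCS / sizeof ASSOCS[0])

typedef enum { MAP_OK, MAP_NONE, MAP_AMBIGUOUS } map_rc;

/* Hypothetical helper: map an identity authenticated in src_reg to exactly
   one identity in tgt_reg. Fails closed: zero or several targets yield NULL. */
map_rc map_identity(const char *src_reg, const char *src_user,
                    const char *tgt_reg, const char **tgt_user)
{
    size_t i, j, hits = 0;
    *tgt_user = NULL;
    for (i = 0; i < N_ASSOCS; i++) {
        if (ASSOCS[i].type != ASSOC_SOURCE ||
            strcmp(ASSOCS[i].registry, src_reg) != 0 ||
            strcmp(ASSOCS[i].user, src_user) != 0)
            continue;                      /* not the authenticated identity */
        for (j = 0; j < N_ASSOCS; j++)     /* targets of the same identifier */
            if (ASSOCS[j].type == ASSOC_TARGET &&
                strcmp(ASSOCS[j].identifier, ASSOCS[i].identifier) == 0 &&
                strcmp(ASSOCS[j].registry, tgt_reg) == 0) {
                *tgt_user = ASSOCS[j].user;
                hits++;
            }
    }
    if (hits == 1) return MAP_OK;
    *tgt_user = NULL;                      /* never hand back a guessed user */
    return hits == 0 ? MAP_NONE : MAP_AMBIGUOUS;
}

int main(void) {
    const char *u;
    map_rc rc = map_identity("KRB.EXAMPLE.COM", "jday", "SYSA.EXAMPLE.COM", &u);
    printf("rc=%d user=%s\n", rc, u ? u : "(denied)");
    return 0;
}
```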