AI Suite SSO

InterPlay, Datastore and Designer can be configured to run with PassPort single sign-on (SSO) solutions.

PassPort supports two SSO modes:

  • Central Authentication Service (CAS) mode
  • Reverse-proxy mode

CAS mode provides superior performance, but the SSO agent cannot be deployed in the DMZ. Use reverse-proxy mode if you need to deploy the SSO agent in the DMZ.

To achieve high availability for SSO, the SSO server, PassPort server and the AI Suite component server must be installed on two servers. The URL used for communication between the browser and the servers, or between servers, must be a load balancer URL.

CAS SSO

Central Authentication Service (CAS) is an authentication system that provides a trusted way for an application to authenticate a user.

The following graphic illustrates CAS SSO with PassPort SSO and an AI Suite component:

[Figure: CAS SSO]

Flow description:

  1. The user connects with the browser through the SSO login page hosted by the PassPort SSO Agent.
  2. Credentials are checked in PassPort and, if successful, a token is generated.
  3. The browser receives a redirect request to the AI Suite component URL including the token.
  4. The browser connects to the AI Suite component, where an SSO web filter verifies the token by connecting to the PassPort server.
  5. Each browser HTTP service request to the AI Suite component contains the token that is verified by the SSO web filter.

Reverse-proxy SSO

PassPort's reverse-proxy SSO is based on routing each request from the browser through the PassPort SSO Agent.

The following graphic illustrates reverse-proxy SSO with PassPort SSO and an AI Suite component:

[Figure: Reverse-proxy SSO]

Flow description:

  1. The user connects with the browser through the SSO login page hosted by the PassPort SSO Agent.
  2. Credentials are checked in PassPort and, if successful, a token is generated.
  3. Each browser HTTP service request to the SSO agent contains the token.
  4. The SSO agent checks the token and routes the request to the AI Suite component.
  5. The AI Suite component replies to the SSO agent.
  6. The SSO agent sends the response to the user browser.
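
The CAS and reverse-proxy flows above, modeled side by side to show where the token check sits in each mode. This is an added example, not PassPort or AI Suite code: the class names, the `token` query parameter and the sample URLs are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlparse, parse_qs

class PassPortServer:
    """Hypothetical stand-in for the PassPort server: issues and verifies tokens."""
    def __init__(self, users):
        self._users = users        # constructed sample credentials
        self._tokens = {}          # token -> user name
        self.verify_calls = 0      # counts verification round trips

    def login(self, user, password):
        expected = self._users.get(user)
        if expected is None or not hmac.compare_digest(expected, password):
            return None            # credential check failed: no token
        token = secrets.token_urlsafe(32)
        self._tokens[token] = user
        return token

    def verify(self, token):
        self.verify_calls += 1
        return self._tokens.get(token or "")

class Component:
    """Stand-in for an AI Suite component sitting behind the SSO check."""
    def serve(self, user, path):
        return 200, f"{path} for {user}"

def cas_redirect(component_url, token):
    """CAS step 3: redirect URL to the component, carrying the token (assumed parameter)."""
    return f"{component_url}?token={token}"

class CasWebFilter:
    """CAS steps 4-5: the filter on the component verifies every request's token."""
    def __init__(self, passport, component):
        self.passport, self.component = passport, component

    def handle(self, url):
        parsed = urlparse(url)
        token = parse_qs(parsed.query).get("token", [None])[0]
        user = self.passport.verify(token)
        if user is None:
            return 401, "invalid or missing token"
        return self.component.serve(user, parsed.path)

class SsoAgent:
    """Reverse-proxy steps 3-6: the agent verifies, routes, and relays the reply."""
    def __init__(self, passport, component):
        self.passport, self.component = passport, component

    def route(self, path, token):
        user = self.passport.verify(token)
        if user is None:
            return 401, "invalid or missing token"
        return self.component.serve(user, path)   # component reply relayed to browser
```

In the CAS model the browser talks to the component directly and the filter performs the check; in the reverse-proxy model every request passes through the agent, which performs the check before the component sees it.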

High availability

To achieve high availability for SSO, the PassPort application and the AI Suite component applications must be installed on two servers. The URL used for communication between the browser and the servers, or between servers, must be a load balancer URL.
