Kerberos Use Case: Single Sign-On to Custom .NET Application and ActiveMatrix BPM REST Services

If the user has signed on to a custom .NET application, they can continue to use it while it makes calls to ActiveMatrix BPM REST services, without having to sign on again.

Prerequisites

  • The user is in a single Active Directory that is accessible by Windows and ActiveMatrix BPM via Shared Resources.

Procedure

  1. The user provides their credentials to Windows.
  2. Windows grants access to the user.
  3. In the same Windows login session, the user accesses a custom .NET application, which is running on Microsoft Internet Information Services using Integrated Windows Authentication.
  4. Single sign-on occurs from Windows to the application.
  5. The application grants access to the user, without displaying its sign-on screen.
  6. While the user is using the application, the application makes a call to an ActiveMatrix BPM REST service.
  7. Single sign-on occurs from the application to ActiveMatrix BPM.
  8. The service runs without displaying a sign-on screen.

Result

Having signed on to Windows, the user can use the application, and the application can make calls to ActiveMatrix BPM REST services without the user having to sign on again.
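
Steps 6 and 7 seen from the application's side, as an added example that is not part of the original page or the product's own code: a classic ASP.NET helper that makes the REST call under the signed-on user's Windows identity. The service URL is a placeholder, the class and method names are hypothetical, and it assumes .NET Framework 4.6 or later and that the application calls the service as the user rather than as its own service account.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Principal;
using System.Web;

public static class BpmRestCaller   // hypothetical helper name
{
    // Placeholder: the page does not give a REST service URL.
    private const string BpmServiceUrl = "https://bpm.example.com/<rest-service-path>";

    public static string CallAsSignedOnUser(HttpContext context)
    {
        // With Integrated Windows Authentication, IIS supplies the caller's Windows identity.
        var user = context.User.Identity as WindowsIdentity;
        if (user == null || !user.IsAuthenticated)
            throw new UnauthorizedAccessException("No authenticated Windows identity on this request.");

        // Assumption: the service should see the user, not the application pool
        // account, so the outbound call runs under the user's token.
        return WindowsIdentity.RunImpersonated(user.AccessToken, () =>
        {
            var request = (HttpWebRequest)WebRequest.Create(BpmServiceUrl);
            request.Method = "GET";
            request.UseDefaultCredentials = true;  // authenticate as the current (impersonated) identity
            request.AllowAutoRedirect = false;     // do not re-authenticate to a host named in a redirect
            try
            {
                // Synchronous call, so the request is sent on the impersonating thread.
                using (var response = (HttpWebResponse)request.GetResponse())
                using (var reader = new StreamReader(response.GetResponseStream()))
                    return reader.ReadToEnd();
            }
            catch (WebException ex)
            {
                // A 401 here means single sign-on to the service did not succeed.
                var failed = ex.Response as HttpWebResponse;
                if (failed != null && failed.StatusCode == HttpStatusCode.Unauthorized)
                    throw new UnauthorizedAccessException(
                        "The service rejected the single sign-on attempt for " + user.Name, ex);
                throw;
            }
        });
    }
}
```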