Single Sign-On (SSO) Authentication
TIBCO ActiveMatrix BPM supports single sign-on (SSO) authentication.
This means that a user who already has a login session with the client application does not need to provide their login credentials again when calling a TIBCO ActiveMatrix BPM service (provided that their credentials are also valid for logging in to TIBCO ActiveMatrix BPM).
The following types of SSO authentication are supported:
| Type | Supported by |
|---|---|
| X.509 certificates |
|
| SAML tokens |
|
| SAML Web Profile |
|
| SiteMinder |
|
| Kerberos |
|
| OpenID Connect JWT tokens |
|
1 In this context, these are ActiveMatrix BPM applications that are developed using, or supplied as part of, the Client Application Framework - such as Workapp. For more information, see "Client Application Development" inTIBCO® BPM Enterprise Client Application Management Guide.
2 These are applications (for example,
openworkitem and
startbizaction) that are bundled with Application Development. They demonstrate how to use the business components that are provided with Application Development.
For more information, see "Bundled Applications" in the
TIBCO® BPM Enterprise Client Application Developer Guide.
) Bundled applications can use OpenID Connect or
SAML Web Profile authentication if you have embedded the
bpm-login business component in the bundled application. The
bpm-login business component provides OpenID Connect and
SAML Web Profile authentication capability out-of-the box. If you are using this component, you do not need to add the interceptor script (bpm-sso-interceptor.min.js) in your application's launch script.
For more information about SSO authentication, seeTIBCO® BPM Enterprise Single Sign-On.