Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 4 Gateway Services : SSO Implementation Using OAuth

SSO Implementation Using OAuth
The Single Sign-On (SSO) mechanism is a one-time login process in which you can access several connected applications with a single credential. This means that if you log in to one of the connected applications, you do not have to enter a user ID and password separately to log in to the other applications.
Using OAuth with TIBCO BusinessConnect Client Application
TIBCO BusinessConnect is configured to use OAuth 2.0, which facilitates SSO authentication for accessing TIBCO BusinessConnect client applications (TCM/PX). This means that a user who already has a login session with one client application does not need to provide their login credentials again when accessing another TIBCO BusinessConnect client application. The user name and password are stored in the Lightweight Directory Access Protocol (LDAP) directory that supports OAuth.
Before the client application can use OAuth for authentication, the following configuration prerequisites should be taken into consideration:
You must set the SSO properties in BusinessConnect > System Settings > Activated Protocol Plug-ins and Properties.
For detailed information about the properties, see TIBCO BusinessConnect™ Trading Partner Administration, System Settings.
The following describes the basic flow when a user attempts to log in, using their credentials, to a TIBCO BusinessConnect client application that is configured to use OAuth:
1.
2.
3.
4.
5.
https://<host>:<port>/<appname>/OAuthLogin/
where host is the DNS name or IP address of the server that hosts TIBCO BusinessConnect, port is the port used by the application, and appname is the name of the application enabled with OAuth.
6.
7.
8.
9.
10.
If a user authenticates and logs in to one of the SSO-implemented applications in a web browser, no authentication is required for the other SSO applications using the same browser, provided the user has permissions for accessing that client application.
When multiple SSO-implemented applications are using the same browser and a user logs out of any one of the applications, the OAuth provider session also logs out. The other applications continue to work, as they are already authenticated.
If the user tries to log in to any of the SSO implemented applications after the OAuth provider session logs out, the user is asked to reauthenticate.
 
