SharePoint au Quotidien

 

Using Microsoft Single Sign-On Service

Microsoft Single Sign-On (SSOSrv) service provides storage and mapping of credentials such as account names and passwords so that portal-based applications can retrieve information from third-party Enterprise Resource Planning (ERP) and Customer Relations Management (CRM) systems. These back-end systems are known as enterprise applications. Microsoft SharePoint Portal Server "v2.0" Beta 2 helps to secure these enterprise applications by storing and mapping assigned credentials using an enterprise application definition. An enterprise application definition allows customers to interact with enterprise applications directly from the portal.

Scenarios

HRWeb

A standard human resources (HR) portal or page may include several Web Parts that display employee information from a back-end employee management system. This employee data is stored in a dedicated HR database system, frequently based on SAP or PeopleSoft. These HR databases do not support Microsoft Windows NT IDs, may not run on Windows-based operating systems and, in fact, may include proprietary logon protocols. The Web Parts on the portal should retrieve the individual employee data without prompting for a separate logon. In this example, the individual employee does not have a separate logon to the HR system, but uses a group account that provides generic read access to the database. In other words, the employee does not know the user name and password required to log on to the system he or she is accessing.

Business Intelligence

An executive may use a portal to provide a dynamic, aggregated view of relevant business information. This data is stored in two places: Siebel stores the customer relationship information while SAP tracks accounts and payments. In order to see an integrated view, the portal must log on to and access both back-end systems. Prompting the user for additional passwords is an unacceptable user experience. In this example, the executive does not know the user name and password required for logon. In addition, multiple Web Parts are used to ensure this integration. By default each Web Part separately authenticates the user to the appropriate back-end system.

Notes Database

An organization may use legacy Lotus Notes databases for issue tracking and is not prepared to change databases before deploying a portal. Each corporate user has a dedicated Notes account. Corporate developers build Web Parts that display the database and provide users with logon access and appropriate read/write permission. In addition, the portal securely stores the user name and password to minimize repeated logon requests.

Types of Application Definitions

There are two primary types of enterprise application definitions used with the SSOSrv service:

  • Individual enterprise application definitions: Individual users know and manage their own credentials on the enterprise application definition.

  • Group enterprise application definitions: The individual user does not know his or her credentials on the enterprise application definition, but is associated with a managed group account.

    Note  The administrator, rather than the individual user, chooses the account type when configuring access to the enterprise application definition.

Logon Form

A Web Part retrieves the credentials from SSOSrv to access the enterprise application definition. If no credentials have been provided for the enterprise application definition, the Web Part must build the URL of the logon form and send the user there to supply them.

To get a logon form:

  1. Call the GetCredentials method of the Credentials class. Specify the application name for which you want to retrieve credentials.

  2. If SSOSrv cannot find credentials for the user for the enterprise application definition, the GetCredentials method throws a SingleSignonException. If the LastErrorCode property of the SingleSignonException is SSO_E_CREDS_NOT_FOUND, call the GetSingleSignonUrl method of the SiteInfo class to build the logon. Specify the name of the enterprise application definition when calling the GetSingleSignonUrl method.

  3. When you retrieve the URL for the logon form, redirect the browser to the URL. The logon form is displayed and prompts the user for the account name and password to use with the enterprise application definition. After SSOSrv saves the credentials, the form redirects control back to the original Web Part.
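
The three steps above as a C# example, added here and not part of the original documentation. `FakeSso` and the local `SingleSignonException` are stand-ins for SSOSrv so the flow runs without a portal; their signatures, the error-code values, the `SSO_E_ACCESS_DENIED` code, the logon URL path and the sample account are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Stand-ins (assumptions) for the SSOSrv types the page names, so the flow runs offline.
class SingleSignonException : Exception {
    public int LastErrorCode;
    public SingleSignonException(int code) : base("SSO error " + code) { LastErrorCode = code; }
}
static class FakeSso {
    public const int SSO_E_CREDS_NOT_FOUND = 1;  // placeholder value, not the real constant
    public const int SSO_E_ACCESS_DENIED = 2;    // hypothetical second error code
    // Constructed store: "user|application definition" -> { account, password }.
    public static readonly Dictionary<string, string[]> Store = new Dictionary<string, string[]>();
    public static readonly HashSet<string> DefinedApps = new HashSet<string> { "HRWeb" };

    public static string[] GetCredentials(string user, string app) {  // models Credentials.GetCredentials
        if (!DefinedApps.Contains(app)) throw new SingleSignonException(SSO_E_ACCESS_DENIED);
        string[] creds;
        if (!Store.TryGetValue(user + "|" + app, out creds))
            throw new SingleSignonException(SSO_E_CREDS_NOT_FOUND);
        return creds;
    }
    public static string GetSingleSignonUrl(string app) {             // models SiteInfo.GetSingleSignonUrl
        return "/sso/logon.aspx?app=" + Uri.EscapeDataString(app);    // constructed path
    }
}
static class HrWebPart {
    // Returns "REDIRECT <url>" when the logon form is needed, otherwise the rendered text.
    public static string Render(string user, string app) {
        try {
            string[] creds = FakeSso.GetCredentials(user, app);        // step 1
            // Pass creds only to the back-end logon; never write them into the page or a log.
            return "Connected to " + app + " (" + creds.Length + " credential fields retrieved)";
        } catch (SingleSignonException e) {
            // Only "no credentials stored" leads to the logon form; any other failure propagates.
            if (e.LastErrorCode != FakeSso.SSO_E_CREDS_NOT_FOUND) throw;
            return "REDIRECT " + FakeSso.GetSingleSignonUrl(app);      // steps 2 and 3
        }
    }
}
static class Program {
    static void Main() {
        Console.WriteLine(HrWebPart.Render("alice", "HRWeb"));   // first visit: redirect to logon form
        FakeSso.Store["alice|HRWeb"] = new[] { "hr_reader", "constructed-password" };  // form saved them
        Console.WriteLine(HrWebPart.Render("alice", "HRWeb"));   // control returns: credentials found
    }
}
```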

Setup

For information about setting up the SSOSrv service, see Configuring the Payroll Receipt Application.

Related Topics

Developing Enterprise Application Integration Models
Using the Payroll Receipt Sample
©2003 Microsoft Corporation. All rights reserved.

 

07/06/2003
 

 


Send an e-mail to EROL GIRAUDY (note the nospam in the e-mail address) with any question or comment about this Web site, and visit the Terms of Use and CNIL section. Copyright © 2002 EROL (the following names and logos are the property of: Microsoft, Supinfo, Adobe, Compaq, HP, Sybari, Veritas, Moreover, K-map, Vyapin, Plumtree, Ixos, TooStore, K-Map, eRoom, DocKIT, NQL, Only4gurus, Nsius, Sharepointexperts, Iora, Erol, KCura, FrontPages, Nsi, Frontlook, IBuySpyPortal, moreover, slipstick, networknowledge, clubsps.org)
Last modified: Friday, 26 December 2003 11:27