When there is a need where user needless to enter credential into JDE, SSO or Unified Sign on will be used to do the task.
What is Unified Logon?
- Unified Logon is a way for users to be validated in EnterpriseOne/OneWorld by their Windows username and password.
- It allows the user to sign-in to EnterpriseOne/OneWorld without having to enter in their Username and Password.
- The Unified Logon server is not a physical server, but rather a device that verifies sign-on security against the domain sign-on security maintained by Windows OS.
- The Unified Logon service must run on a Windows Server.
- The Unified Logon server searches its user list for an entry that matches the domain user ID. When the server finds a match, the server sends a validation request to the Enterprise Server.
- The Enterprise Server verifies that the response from the Unified Logon server matches the security information in the Security table F98OWSEC.
You have several questions on Single Signon implementation:
- Will SSO implementation eliminate the login screen for users on HTML client workstation?
- Is the Unifed Logon Process possible in HTML/Web clients?
- Is there a way to eliminate the login screen for Web clients?
Solution
To answer your questions:
1. No. You need to enter the credentials in the HTML client even though SSO is setup.
SSO enables users that are signed in to the Portals to access EnterpriseOne applications without re-entering a userID and password. You need to enter them at least once.
2. No. The Unified Login process is not possible for HTML clients. This is only available for FAT clients.
Unified Login is a way for users to be validated in E1 by their NT username and password. It verifies sign-on security against the domain sign-on security maintained by Windows OS. You have to install Unified LogIn as a service on a Windows Server.
3. The workaround is to make the Web client retain the UserID and Password (when the user logs in for the first time) by preserving this information in a Cookie.
You can do this by enabling two settings in the JAS.INI. Enable the following parameters:
[SECURITY]
UseLogonCookie=
CookieLifeTime=
When setting UseLogonCookie=DIRECT and checking the option for "Remember my signon information" (you will see a checkbox "Remember my signon information", when you login to an HTML client), the HTML client should not ask for a user and password after the first login, until the Cookie expires and should automatically let you in.
Additional notes:
[SECURITY]
UseLogonCookie=
CookieLifeTime=
When setting UseLogonCookie=DIRECT and checking the option for "Remember my signon information" (you will see a checkbox "Remember my signon information", when you login to an HTML client), the HTML client should not ask for a user and password after the first login, until the Cookie expires and should automatically let you in.
Additional notes:
- UseLogonCookie = Defines whether user sign on information is saved in an encrypted cookie on the HTML client machine. This information includes user name, password, and environment. Values for this parameter in the JAS.INI are:
- TRUE User information is saved in an encrypted cookie that automatically populates the login
screen. - DIRECT Enables users to access login information in the cookie and bypass the login screen.
- FALSE User information is not saved in an encrypted cookie. You must use this setting when using the JAS Redirector.
- CookieLifeTime = Specifies the amount of time before a cookie expires, measured by the value of the CookieLifeTime unit parameter. The CookieLifeTime Unit parameter can be set to "day". The value for CookeLifeTime would equal to # of days.
In short :
The difference in brief is:
1. SSO is for HTML/portal logon.
2. Unified logon is between Windows and E1 Fat client logon.
Hope that helps..
No comments:
Post a Comment