Single sign-on (SSO)

Single sign-on allows a user to enter one name and password in order to access multiple applications. Genero Application Server supports three kinds of single sign-on.

Kerberos

Kerberos authentication provides a single sign-on from the user logging in on the desktop to the database connection using impersonation. It is used to run the DVM with the logged user identity. To use, you need a Kerberos infrastructure and a strong knowledge of Kerberos.

Kerberos is intended for the Genero Web Client and Genero Desktop Client applications only. It is not intended for Genero Web Services.

Note: Support for Kerberos is deprecated. Use OpenId or SAML instead.

See Kerberos authentication.

OpenId

OpenId is used for standard Web applications that handle many users. OpenId is intended for public Web applications. A user has the same identifier that he can use on different web sites. Information maintained on the identity of the user is limited.

See OpenID SSO and the Genero Application Server.

SAML

SAML is used for standard Web applications that handle many users. SAML is intended for private or intranet Web applications. You have to be referenced on one of the trusted identity providers. You can exchange custom information (attributes) on the identity.

See SAML SSO and the Genero Application Server