locked
How to integrate external application through single Sign On (SSO) in SharePoint 2010? RRS feed

  • Question

  • In our SharePoint portal, a  provision to connect to external application which are based on J2EE .  All the external applications will be supporting the Single Sign On (SSO) feature means they should not  throw loin  prompt once user authenticated into SharePoint portal.

     Please suggest your steps.

     

    Sunday, January 29, 2012 12:50 PM

Answers

  • SSO for SharePoint is not for helping you log into other applications.  It's for authenticating to external data sources.  It's not used for browsing from SharePoint to the other application - that's not what is meant by Single Sign-On.  SSO is only for exposing external data into the SharePoint interface, so is that what you're trying to do?  If so, please explain how you're doing it and what you've tried so far.
    SharePoint Architect || Microsoft MVP || My Blog
    Planet Technologies || SharePoint Task Force
    • Edited by Clayton Cobb Sunday, January 29, 2012 5:17 PM
    • Proposed as answer by Murugesa Pandian Sunday, January 29, 2012 5:36 PM
    • Marked as answer by GuYuming Tuesday, January 31, 2012 5:46 AM
    Sunday, January 29, 2012 5:12 PM
  • Hi Ramesh,

    If your application hosted on Where SharePoint server installed and your J2EE application use the windows authentication,I can suggest you to use the PageViewer WebPart.


    Murugesa Pandian,MCTS
    • Marked as answer by GuYuming Tuesday, January 31, 2012 5:46 AM
    Sunday, January 29, 2012 5:39 PM

All replies

  • SSO for SharePoint is not for helping you log into other applications.  It's for authenticating to external data sources.  It's not used for browsing from SharePoint to the other application - that's not what is meant by Single Sign-On.  SSO is only for exposing external data into the SharePoint interface, so is that what you're trying to do?  If so, please explain how you're doing it and what you've tried so far.
    SharePoint Architect || Microsoft MVP || My Blog
    Planet Technologies || SharePoint Task Force
    • Edited by Clayton Cobb Sunday, January 29, 2012 5:17 PM
    • Proposed as answer by Murugesa Pandian Sunday, January 29, 2012 5:36 PM
    • Marked as answer by GuYuming Tuesday, January 31, 2012 5:46 AM
    Sunday, January 29, 2012 5:12 PM
  • Hi Ramesh,

    If your application hosted on Where SharePoint server installed and your J2EE application use the windows authentication,I can suggest you to use the PageViewer WebPart.


    Murugesa Pandian,MCTS
    • Marked as answer by GuYuming Tuesday, January 31, 2012 5:46 AM
    Sunday, January 29, 2012 5:39 PM
  • Thanks Clayton and Murugesa for your reply.

     You are trying to say that configuring external application URL in PageViewr Webpart of SharePoint portal  will be sufficient?.

     

    Thanks,

    Ramesh

     

    Sunday, January 29, 2012 7:20 PM
  • Hi Ramesh,

    Exactly its not sufficient.In case if your J2EE application using the non windows authentication method to login,then user need to enter the sharepoint login credentials to access the SP Pages.


    Murugesa Pandian,MCTS
    Monday, January 30, 2012 5:23 AM
  • Hi Murugesa,

        J2EE application is also  using windows authentication.

       Our assumption is, both  Sharepoint portal  and External application  should support SSO configuration so that each can communicate.

        Please clarify.

     

    Regards,

    Ramesh

     

     

      

    Monday, January 30, 2012 6:13 AM
  • The idea is as follows: if SP supports Windows authentication, a user logs in without needing to enter the login credentials. This does mean that both the client and server have to be in the same domain or trusted domain. As soon as the user makes a request to the SharePoint resource, IIS requests the browser to authenticate and the browser responds by sending a token representing the user. This is all done under the hood, so the end user has the experience that he/she uses SP without explicitly logging in.

    If the J2EE app also supports Windows authentication, the same applies, and the end user doesn't explicitly have to provide credentials (although the browser does that for him). Because of this, you can use the page viewer web part to point to the J2EE app, which is functionally equivalent to adding an IFRAME to a SharePoint page.

    The reason that this works is that both apps support Windows authentication, this is totally unrelated to SSO, where you authenticate to one app which provides a trusted token to the next app. Also be very clear about the SharePoint Secure Store Service (SSS): it's a safe place for storing credentials and therefore a valuable asset in an SSO scenario, but it doesn't contain any functionality that logs in at another application for you. You have to provide that for yourself.


    Kind regards,
    Margriet Bruggeman

    Lois & Clark IT Services
    web site: http://www.loisandclark.eu
    blog: http://www.sharepointdragons.com


    Monday, January 30, 2012 9:10 AM
  • Hi Ramesh,

    Its OK now as for as your J2EE application also based on Windows Authentication,User will not be prompt login credential popup window as they can access the SP site.Go ahead with PageViewer WebPart.


    Murugesa Pandian,MCTS
    Monday, January 30, 2012 12:16 PM
  • One kind of Single Sign On is achieved through WS-Federation. Does your J2EE application work as relying party for ADFS v2, or shibboleth.

    Please read http://technet.microsoft.com/en-us/library/adfs2-step-by-step-guides(WS.10).aspx for more

    Tuesday, January 31, 2012 5:51 AM
  • I have a application which runs on Java. and for authentication its using Live Links Groups through custom coding.

    Now the requirement is.

    Instead of live link Groups , we want sharepoint groups to be used and authenticate the that Java application. 

    is it possible?

    Do we need to expose Authentication to the other apps? 

    http://social.technet.microsoft.com/Forums/en-US/sharepoint2010general/thread/c91ec0e6-86b8-498a-8980-7b6a643f4222

    please go thru this requirement in details.

    Regards

    Guru


    Guruprasad Marathe
    Thursday, February 2, 2012 12:16 PM