What Are Single Sign-on Domains?
The main purpose of an SSO domain is to allow different methods for user authentication for different applications within the system. An SSO domain includes a primary service, a set of reference services, and specifications that determine user access. The primary service properties determine the authentication method for all service users in the domain.
When configuring the system for SSO, the simplest (and default) method is to create a single domain that consists of all installed services using a single authentication method specification through reference to the primary service. The same authentication method is used for all applications and services, for all users, no matter whether they access the system from an internal network location or from an external web site.
An example of a single domain configuration for a Landmark application is shown in the following illustration. In this configuration, a supplier (who is external to the company) accesses a web application (Supplier) from an external (outside the firewall) browser. The internal buyer accesses another set of applications through an internal network, and a Lawson administrator could access another set of Environment applications through the internal network. In this single domain configuration, all users are authenticated through the same primary service using the same login scheme.
The following illustration shows how the applications might be configured using two SSO domains to allow different internal and external authentication methods. In this example, the Supplier application and selected Environment services (such as password management) are accessible through the external web browser. The internal buyers and administrators access a different set of Sourcing and Environment services through the second domain.
In this example, external users could be authenticated through an XRefLookup method and internal users could be authenticated using an LDAP Bind method. Adding or Updating Login Schemes
The next diagram shows the relationship of the physical machine, the web or application servers, and the domains to a dual SSO Domain configuration. One or more web or application servers are installed on a physical machine, and Landmark SSO domains are mapped to a web or application server using HTTP endpoints.