Single Sign-On (SSO)
Introduction
Goal
Understand how Bloomreach Experience Manager's architecture supports single sign-on integration in enterprise environments.
Background
Organizations that implement Bloomreach Experience Manager in their enterprise environment may want to integrate it with their existing single sign-on (SSO) solution. This page explains how Bloomreach Experience Manager's system architecture supports SSO integration. Specific integrations are described separately.
Enterprise SSO-Enabled Architecture
The deployment diagram below shows Bloomreach Experience Manager's SSO-enabled system architecture:

- Typically the HTTPS connection for browser clients is configured and enabled in the reverse proxy layer (Apache Web Server).
- Typically the reverse proxy redirects client requests to the enterprise SSO server for authentication. Once authenticated, the request is redirected back with a valid security token.
- Applications running on the application server can access the enterprise SSO server to validate security tokens if needed.
- Alternatively the authoring and delivery applications running on the application server can also authenticate users against the LDAP server if configured.
- Alternatively the authoring and delivery applications running on the application server can also authenticate users through either form authentication, JAAS or Spring Security integration. Spring Security integration is capable of integrating with an enterprise SSO server seamlessly.
Requests to Exclude
Requests to the following paths should not be redirected to the enterprise SSO server:
- /cms/ws/indexexport (Lucene index export)
- /cms/ping (CMS Ping Filter)
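The following sketch shows one way to apply this exclusion list so that only the two listed paths skip the SSO redirect and everything else, including look-alike paths, is still redirected. It is an added example, not Bloomreach code. It assumes the two entries are exact paths (not prefixes), and the names `normalize_path`, `requires_sso` and the sample request targets are hypothetical.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# The two paths this page says must not be redirected to the SSO server.
SSO_EXCLUDED_PATHS = frozenset({"/cms/ws/indexexport", "/cms/ping"})


def normalize_path(request_target: str) -> str:
    """Drop the query string, percent-decode once, and resolve '.' and '..'."""
    path = unquote(urlsplit(request_target).path)
    # normpath collapses duplicate slashes and dot segments and strips a
    # trailing slash; a leading '//' survives normpath, so collapse it here.
    return "/" + posixpath.normpath("/" + path).lstrip("/")


def requires_sso(request_target: str) -> bool:
    """Default to SSO; skip it only for an exact match on an excluded path."""
    return normalize_path(request_target) not in SSO_EXCLUDED_PATHS


# Constructed request targets (not taken from real traffic).
SAMPLE_TARGETS = [
    "/cms/ping",
    "/cms/ping/",
    "/cms/ws/indexexport?x=1",
    "/cms/pingfoo",
    "/cms/ping/../other",
    "/cms/ws/indexexport/extra",
    "/cms/",
]

if __name__ == "__main__":
    for target in SAMPLE_TARGETS:
        action = "redirect to SSO" if requires_sso(target) else "pass through"
        print(f"{target:32} -> {action}")
```

Matching on the normalized path with SSO as the default means a request that does not resolve to one of the listed paths is never exempted by accident. If your deployment needs sub-paths of an excluded entry to pass through, widen the match deliberately rather than switching to a bare prefix comparison.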
Specific Integrations