Single sign-on is the ability of a user to access multiple Hyperion applications after logging on only once. When an externally authenticated user logs on to a Hyperion application, an encrypted token is generated, which contains user credentials in this form:
As shown in Figure 1, the token is passed among other Hyperion applications and is used as needed to reauthenticate the user automatically when the user moves to another application. Single sign-on is effective in cases where one Hyperion application launches another. Note that if a user launches a second application independently, for example, from the Start Menu, a token cannot be passed between the applications, and the user must reauthenticate.
Analytic Services currently does not launch other Hyperion products, so single sign-on from Analytic Services to another application does not apply.
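Tokens are encrypted; however, additional security such as the Secure Sockets Layer (SSL) protocol is recommended to prevent replay attacks or man-in-the-middle attacks. Encryption protects the contents of the token, but it does not by itself stop a token that is captured in transit from being presented again.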
To enable single sign-on between multiple Hyperion applications that launch one another, you must use a single XML configuration file that is shared by the multiple product installations.
©2004 Hyperion Solutions Corporation. All Rights Reserved. http://www.hyperion.com