Scenario: Enabling single sign-on for ISV applications

View this information to review scenarios that illustrate typical single sign-on implementation situations to help you plan your own certificate implementation as part of your server security policy.

Situation

You are the lead application developer for an independent software vendor (ISV), and are responsible for overseeing the applications that your company develops and delivers to IBM® i Access Client Solutions customers. You know that IBM i Access Client Solutions provides your customers with the capability of creating and participating in a single sign-on environment. You want your applications to leverage these single sign-on capabilities because you feel it will help sell your product. You decide to market an application called Calendar to IBM i Access Client Solutions customers that use network authentication service and Enterprise Identity Mapping (EIM) to create their single sign-on environment. The Calendar application allows users to view and manage their workday schedule. Enabling the Calendar application for single sign-on requires you to include server-specific code within your application that enables it to participate in a single sign-on environment. You have previous experience creating applications that call EIM APIs, but this will be your first time working with an application that also calls network authentication service APIs.
Note: It is also possible to develop applications for a single sign-on environment that use a different authentication method. For example, you can insert the necessary code for authenticating with digital certificates, or for binding the directory server, instead of inserting the necessary code for authenticating with network authentication service.

Objectives

You want to be able to market your Calendar application to IBM i Access Client Solutions customers who are interested in applications that are capable of participating in a single sign-on environment. You want to enable the server side of the Calendar application to participate in a single sign-on environment. You have the following objectives, as you complete this scenario:
  • You want to change the server-specific part of an existing Calendar application, or develop a new Calendar application, that participates in a single sign-on environment that uses EIM and network authentication service.
  • You want to create a single sign-on environment in which you can test your application.
  • You want to test your Calendar application and ensure that it successfully participates in a single sign-on environment.

Prerequisites and assumptions

Implementation of this scenario depends on the following assumptions and prerequisite conditions:
  • You want your Calendar application to participate in a single sign-on environment that is configured to use Kerberos and EIM.
  • You already have experience creating applications for the IBM i Access Client Solutions platform.
  • You have configured your IBM i system to participate in a Kerberos realm.
  • You write applications in one of the following languages:
    • You use an ILE programming language, such as C, to write your applications and you are familiar with the GSS API set.
    • You use Java™ to write your applications and you are familiar with the JGSS API set.
      Note: You might also require the Java toolbox, depending on which set of JGSS APIs you use.
  • You have already completed the client-specific portion of your application, enabling it to use Kerberos authentication.
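The server-specific code this scenario asks for is, at its core, a JGSS acceptor: the Calendar server takes the Kerberos token the client obtained from the KDC, establishes a GSS security context with its own service credential, and only then reads the authenticated Kerberos principal that it will hand to the EIM lookup. The following Java program is an added illustration of that accept loop for the JGSS path named in the prerequisites; it is not code from the IBM documentation or from any real Calendar product. Its assumptions are labelled in the comments: the JAAS entry name CalendarServer, the TCP port, and the 4-byte length-prefixed token framing are all constructed for this example, and the EIM mapping step is left as a comment because this page does not specify which EIM API the application calls.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/** Server side of a single sign-on enabled application: accepts Kerberos via JGSS. */
public class CalendarSsoAcceptor {

    // Upper bound on a single GSS token; a hostile peer must not be able to make
    // the server allocate an arbitrary amount of memory before authenticating.
    private static final int MAX_TOKEN_BYTES = 64 * 1024;

    // Standard Kerberos V5 mechanism OID (RFC 1964).
    static Oid krb5Oid() throws GSSException {
        return new Oid("1.2.840.113554.1.2.2");
    }

    public static void main(String[] args) throws Exception {
        int port = args.length > 0 ? Integer.parseInt(args[0]) : 9876; // assumed default port

        // "CalendarServer" is an assumed JAAS entry name. It must refer to a Kerberos
        // login-module entry holding the service principal's keytab in the JAAS
        // configuration file passed via -Djava.security.auth.login.config.
        LoginContext lc = new LoginContext("CalendarServer");
        lc.login();

        // Run the listener as the logged-in service principal so JGSS can find its credential.
        Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<Void>) () -> {
            serve(port);
            return null;
        });
    }

    static void serve(int port) throws IOException, GSSException {
        GSSManager manager = GSSManager.getInstance();
        // Acceptor-only credential: the server never initiates contexts with this.
        GSSCredential serverCred = manager.createCredential(
                null, GSSCredential.DEFAULT_LIFETIME, krb5Oid(), GSSCredential.ACCEPT_ONLY);

        try (ServerSocket listener = new ServerSocket(port)) {
            while (true) {
                try (Socket client = listener.accept()) {
                    String principal = acceptClient(manager, serverCred, client);
                    System.out.println("Authenticated Kerberos principal: " + principal);
                    // Next step in the scenario: map 'principal' (source registry = the
                    // Kerberos realm) to the target IBM i user profile with an EIM lookup,
                    // then authorize Calendar operations as that profile. Not shown here.
                } catch (GSSException | IOException e) {
                    // Failed or malformed authentication attempts are logged, never trusted.
                    System.err.println("Authentication failed: " + e.getMessage());
                }
            }
        }
    }

    /** Runs the GSS accept loop and returns the authenticated client principal name. */
    static String acceptClient(GSSManager manager, GSSCredential cred, Socket socket)
            throws IOException, GSSException {
        DataInputStream in = new DataInputStream(socket.getInputStream());
        DataOutputStream out = new DataOutputStream(socket.getOutputStream());
        GSSContext ctx = manager.createContext(cred);
        try {
            // Kerberos normally needs one round trip, but the loop handles any mechanism.
            while (!ctx.isEstablished()) {
                byte[] inToken = readToken(in);
                byte[] outToken = ctx.acceptSecContext(inToken, 0, inToken.length);
                if (outToken != null) {
                    writeToken(out, outToken);
                }
            }
            // The identity is only meaningful once the context is established:
            // at this point the KDC-issued ticket has been verified with the service key.
            GSSName client = ctx.getSrcName();

            // Demonstrate that the established context protects application data:
            // send a wrapped (integrity-protected and encrypted) greeting to the client.
            MessageProp prop = new MessageProp(0, true);
            byte[] greeting = ("Welcome " + client).getBytes(StandardCharsets.UTF_8);
            writeToken(out, ctx.wrap(greeting, 0, greeting.length, prop));

            return client.toString();
        } finally {
            ctx.dispose();
        }
    }

    // Constructed framing for this example: 4-byte big-endian length, then the token bytes.
    static byte[] readToken(DataInputStream in) throws IOException {
        int length = in.readInt();
        if (length <= 0 || length > MAX_TOKEN_BYTES) {
            throw new IOException("rejected token of length " + length);
        }
        byte[] token = new byte[length];
        in.readFully(token);
        return token;
    }

    static void writeToken(DataOutputStream out, byte[] token) throws IOException {
        out.writeInt(token.length);
        out.write(token);
        out.flush();
    }
}
```

The client-specific half of the application, which the prerequisites say is already done, must use the same token framing and call initSecContext against the service principal name. On IBM i the JAAS entry would use the IBM JDK's Kerberos login module (com.ibm.security.auth.module.Krb5LoginModule); on Oracle or OpenJDK it is com.sun.security.auth.module.Krb5LoginModule. In both cases the entry must point at the service keytab and request a credential that can accept contexts, otherwise createCredential fails before any client connects.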

Configuration steps