KB14486 - Is SSO supported when using access mechanism other than web-rewrite?

Is Single-Sign on (SSO) supported when using remote access mechanisms like Secure Application Manager (WSAM / JSAM) or Network Connect (NC)?

PCS administrator can only configure SSO policy to automatically pass user credentials / variables to a Web / File server application when using web-rewrite as the access mechanism.

They cannot configure a SSO policy when using access methods other than web rewrite (Eg., WSAM, JSAM, NC).

This is not a limitation, its working as intended. The reason why PCS admins are not given an option to create SSO policy when exclusively using WSAM, JSAM or NC is because the traffic is not intermediated by the PCS Content Intermediation Engine (CIE).

When traffic does not go through the CIE PCS does not initiate a request to the backend server, the clients request is directly passed to the backend server.

Although the traffic is securely passing through PCS over an SSL session the server will still receive connection requests as if coming from the end client directly.

Hence an SSO policy created cannot be applied to these resources. 

Currently SSO policy only applies to Web and File server resources.


For more information on CIE please refer to Content Intermediation Engine