Configuration Requirements for LW-SSO Support

Applications that are part of the software group configured for LW-SSO must meet the following requirements:

  • Each application must have a token expiration configured (see LW_SSO_EXPIRATION_PERIOD). The expiration value must be at least as high as that of the application session expiration value.

    Note: We recommend that you set the value to 60 (minutes). For an application that does not require a high level of security, you can configure a value of 300 minutes.

  • All applications that participate in the LW-SSO integration must use the same GMT time.

  • If applications that participate in the LW-SSO integration are required to integrate with applications in different DNS domains, then multi-domain functionality requires that trusted hosts settings (or the protectedDomains settings) are configured for each. In addition, you must add the correct domain in the lwsso element of the configuration for each participating application.

  • To receive information sent as SecurityToken for URL from other applications, the host application must have the correct domain specified in the lwsso element of the configuration.