Application Single Sign-On for VMware Tanzu^® (AppSSO) provides APIs for curating and consuming a "Single Sign-On as a service" offering on Tanzu Application Platform.

With AppSSO, Service Operators can configure and deploy authorization servers. Application Operators can then configure their Workloads with these authorization servers to provide Single Sign-On to their end-users.

AppSSO allows integrating authentication and authorization decisions early in the software development and release life cycle. It provides a seamless transition for workloads from development to production when including Single Sign-On solutions in your software. It's easy to get started with AppSSO, deploy an authorization server with static test users, and eventually progress to multiple authorization servers of production-grade scale with token key rotation, multiple upstream identity providers, and client restrictions.

AppSSO's authorization server is based off of Spring Authorization Server.

Install Application Single Sign-On

AppSSO installation documentation describes how to install Application Single Sign-On (AppSSO) from the Tanzu Application Platform package repository.

Note:

Use the AppSSO installation documentation if you do not want to use a profile to install packages. Both the run, iterate and full profiles include AppSSO. For more information about profiles, see About Tanzu Application Platform components and profiles.

Getting started with Application Single Sign-On

If this is your first time using AppSSO, see the full Getting Started guide.

If already have a basic understanding of AppSSO, and want to integrate with Tanzu Application Platform Workloads, see Register an app with AppSSO.