Single Sign‑On is an all-in-one solution for securing access to apps and APIs on VMware Tanzu Application Service for VMs (TAS for VMs). Single Sign‑On provides support for native authentication, federated single sign-on, and authorization. Operators can configure native authentication and federated single sign-on, such as SAML, to verify the identities of application users. After authentication, Single Sign‑On uses OAuth 2.0 to secure resources or APIs.
What Is Single Sign-On for VMware Tanzu Application Service?
Single Sign‑On enables users to log in through a single sign-on service and access other apps that are hosted or protected by the service. This improves security and productivity by removing the need for users to log in to individual apps. Developers are responsible for selecting the authentication method for application users. They can select native authentication provided by the User Account and Authentication (UAA) or external identity providers. UAA is an open source identity server project under the Cloud Foundry (CF) foundation that provides identity based security for apps and APIs. Single Sign‑On supports service provider-initiated authentication flow and single logout. It does not support identity provider-initiated authentication flow. All Single Sign‑On communication takes place over SSL.
After authentication, Single Sign‑On uses OAuth 2.0 for authorization. OAuth 2.0 is an authorization framework that delegates access to apps to access resources on behalf of a resource owner. Developers define resources required by an application bound to a Single Sign‑On service instance and administrators grant resource permissions. See the Configuring Applications topic for more details.
What's in the Single Sign-On for VMware Tanzu Application Service documentation?
This documentation provides information about how to install, configure, and use Single Sign-On for VMware Tanzu Application Service. In this documentation:
Introduces the concepts, components, and features of Single Sign-On for VMware Tanzu Application Service. |
|
Outlines the steps for installing, configuring, and using the Single Sign‑On for VMware Tanzu Application Service. |
|
Installing Single Sign-On for VMware Tanzu Application Service |
Provides instructions about how to install Single Sign-On for VMware Tanzu Application Service. |
Provides instructions for operators about how to manage Single Sign‑On for VMware Tanzu Application Service service plans. |
|
Provides instructions for operators about how to configure a Single Sign‑On for VMware Tanzu Application Service service plan to manage user access to TAS for VMs apps with the internal user store. |
|
Provides instructions for operators about how to configure a Single Sign‑On for VMware Tanzu Application Service service plan to manage user access to TAS for VMs apps using an external identity provider (IdP). |
|
Provides instructions for developers about how to create an instance of a Single Sign‑On for VMware Tanzu Application Service service plan in their space and bind it to an app. |
|
Provides instructions for developers about how to configure their apps to use Single Sign‑On for VMware Tanzu Application Service and use the SSO Admin Client to manage connections between SSO identity providers, apps, users, and other resources. |
|
Provides instructions for developers about how to define resources required by an app that is bound to a Single Sign‑On for VMware Tanzu Application Service service instance, and how an administrator grants resource permissions. |
|
A section containing topics that explain how to integrate various identity providers with Single Sign‑On for VMware Tanzu Application Service |
For information about new features, compatibility, component versions, and resolved and known issues, see the release notes for the latest release.
Use the Single Sign-On for VMware Tanzu Application Service docs
The Single Sign-On for VMware Tanzu Application Service documentation in HTML reflects the latest update release of each Single Sign-On for VMware Tanzu Application Service version. For example, version 1.14 contains updates for all 1.14.x releases. All our documentation comes in PDF format, which you can access by selecting the Download PDF icon on any page in the HTML documentation.
If you are logged in to docs.vmware.com with your VMware Customer Connect account, you can use MyLibrary to create custom documentation collections, that contain only the content that meets your specific information needs.