Use Case 2
This use case illustrates solution-to-solution authentication, in which an SSO user is assigned to each solution. In the following figure, two solutions need to communicate with each other. Before they start to communicate, they must verify each other's identity. To do so, each solution requests that the SSO server issue a SAML token that asserts its identity. As part of this request, the solution proves its identity using its own private key. After the SSO server has issued a token, the solution can use that token to access any other solution as if it were a normal user. For this use case to work, each solution must be registered with its public key in the SSO server.
Figure 64. SSO Solution-to-Solution Authentication
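The exchange described above, sketched in Go as an added illustration (not the product's code or API). Ed25519 keys, the names `SSOServer`, `Token`, `Issue` and `Accept`, and the simplified signed token standing in for a SAML assertion are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SSOServer (hypothetical): registered public keys plus its token-signing key.
type SSOServer struct {
	registered map[string]ed25519.PublicKey
	signingKey ed25519.PrivateKey
}

// Token is a simplified stand-in for a SAML token: subject + server signature.
type Token struct{ Subject string; Sig []byte }

// Issue releases a token only if the solution is registered and the request
// was signed with the private key matching its registered public key.
func (s *SSOServer) Issue(solution string, request, sig []byte) (*Token, error) {
	pub, ok := s.registered[solution]
	if !ok {
		return nil, errors.New("solution not registered")
	}
	if !ed25519.Verify(pub, request, sig) {
		return nil, errors.New("proof of key possession failed")
	}
	return &Token{solution, ed25519.Sign(s.signingKey, []byte(solution))}, nil
}

// Accept is the peer solution's check: the SSO server's signature must verify.
func Accept(ssoPub ed25519.PublicKey, t *Token) bool {
	return t != nil && ed25519.Verify(ssoPub, []byte(t.Subject), t.Sig)
}

// Demo: registered solution A, an impostor using A's name, and unregistered B.
func Demo() (a, impostor, unregistered bool) {
	ssoPub, ssoPriv, _ := ed25519.GenerateKey(rand.Reader)
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	_, privX, _ := ed25519.GenerateKey(rand.Reader)
	sso := &SSOServer{map[string]ed25519.PublicKey{"solution-a": pubA}, ssoPriv}
	req := []byte("issue-token:nonce-001") // constructed sample request
	tokA, _ := sso.Issue("solution-a", req, ed25519.Sign(privA, req))
	tokX, _ := sso.Issue("solution-a", req, ed25519.Sign(privX, req))
	tokB, _ := sso.Issue("solution-b", req, ed25519.Sign(privX, req))
	return Accept(ssoPub, tokA), Accept(ssoPub, tokX), Accept(ssoPub, tokB)
}
func main() { fmt.Println(Demo()) }
```

Only the registered solution that signs with its own private key receives a token the peer accepts; a request signed with a different key, or sent under an unregistered name, is refused before any token is issued.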