Allowing Both Traditional and the New Single Sign-on Methods to Logon to IBM Content Manager
Original Publication Date: 2001-Jul-12
Included in the Prior Art Database: 2003-Jun-20
In Windows NT and Windows 95, 98, and 2000 environments, Content Manager changes its logon methods to allow users to either use the traditional way (providing both user ID and password) or the single sign-on way (not providing user ID nor password) to logon to it. If the single sign-on method is used, this makes logon easier for users since no user ID nor password will be needed to logon. Any application can use this method to simplify user's logon procedure. Users won't even know that the logon procedure has happened in the application. Instead of using two different APIs, one is brand new and the other one already exists, for two different logon methods, we just use the existing API, SimLibLogon, to do both. To accomplish this, we added a new flag, SIM_SS_UNIFIED_LOGON, to perform a logical "and" to one of the two existing flags, SIM_SS_NORMAL, or SIM_SS_CONFIG. Inside SimLibLogon, if SIM_SS_UNIFIED_LOGON has not been specified, SimLibLogon will do business as usual and requires both user ID and password to be provided. However, if SIM_SS_UNIFIED_LOGON has been specified, SimLibLogon no longer requires user ID and password to be provided. Even if they are provided, SimLibLogon will not use them. The first thing SimLibLogon does is to find out the user ID that uses the Window's machine by calling Window's API (GetUserName), and use this name to continue the logon process. SimLibLogon then calls the Library Client API, LibConnectLibrary(). Inside LibConnectLibrary(), if the unified logon flag has been set, a new Library Client API, LibProcessWinAuth(), will be called. In the LibProcessWinAuth() API, it calls Window's SSPI functions, to authenticate the user's credentials. The steps to authenticate the credentials are these: 1. The client uses the SSPI functions to get the user's credentials.