Single Sign-On Planon Web Client

Technical references : Administration : Single Sign-On Planon Web Client

This chapter describes how to configure Planon Web Client and the web server to support Single Sign-On (SSO) for on-premise customers on a Kerberos-enabled domain using:

• WAFFLE - only for Windows platform

• Apache SPNEGO implementation

• Tomcat Keycloak adapter - to be used to configure SSO via a Keycloak Server.

• Single sign-on is enabled using a Kerberos domain, but it can also be another authentication mechanism. WAFFLE or the Apache SPNEGO implementation takes care of the selection of the accepted mechanism. WAFFLE or the Apache SPNEGO implementation may come with a login prompt because it is not Kerberos but another mechanism.
• This chapter is NOT an installation guide or manual for Kerberos security, WAFFLE authentication, SPNEGO authentication or Keycloak.