Single Sign-On

A single sign-on feature is supported by SNA Server to automate the overall logon process. When configured for this feature, SNA Server automatically replaces special keywords in the data stream with the actual host user name and password at appropriate points in the session. This feature must be enabled by the SNA administrator within an SNA Server subdomain and special strings must be entered for user name (MS$SAME) and password (MS$SAME) which will be replaced.

When using single this sign-on feature with the OLE DB Provider for AS/400 and VSAM, the account that the SNA DDM Service is running in is used as the sign-on account. Thus, if the SNA DDM Service is running in the system account, single sign-on will always fail since the user name and password of the system account will be substituted rather than the actual user's name and password.

This feature can be exploited under certain circumstances when using the OLE DB provider in combination with active server pages or other web access schemes. If you want to use a single user account (UID) and password without revealing it through the web page, the single sign-on provisions can be used so that the system service account UID and password are used.