Summary
Error
Trusted sign-on does not work on Web Tier SM7.0.1 on websphere and IBM http web server. The single sign on works on the windows client unlike the web client where it is not working. User will get to the login page of ServiceCenter instead of direct login.
Here is the RAD differences when logging in SSL on windows vs web. The username is properly passed over.
WINDOWS
831534(5034131) 04/10/2008 16:02:50 RTE D RADTRACE 61 [ 0] apm.global.initer RADReturn Unknown CPU( 0 1 )
831534(5034131) 04/10/2008 16:02:50 RTE D (0x333E4818) DBACCESS - Cache Term against file globallists
831534(5034131) 04/10/2008 16:02:50 RTE D RADTRACE 62 [ 0] login check.version decision CPU( 0 1 )
831534(5034131) 04/10/2008 16:02:50 RTE D RADTRACE 62 [ 0] login call.user.login user.login CPU( 0 1 )
831534(5034131) 04/10/2008 16:02:50 RTE D (0x33347448) DBACCESS - Cache Init against file datadict
831534(5034131) 04/10/2008 16:02:50 RTE D (0x33347448) DBACCESS - Cache Find against file datadict found 1 record, query: name="info"
WEBCLIENT
831534(1278177) 04/10/2008 16:08:10 RTE D RADTRACE 45 [ 0] apm.global.initer RADReturn Unknown CPU( 0 2 )
831534(1278177) 04/10/2008 16:08:10 RTE D (0x344E5B68) DBACCESS - Cache Term against file globallists
831534(1278177) 04/10/2008 16:08:10 RTE D RADTRACE 45 [ 0] login check.version decision CPU( 0 2 )
831534(1278177) 04/10/2008 16:08:10 RTE D RADTRACE 45 [ 0] login prompt.for.password rio CPU( 0 2 )
831534(1278177) 04/10/2008 16:08:10 RTE D (0x34404EF8) DBACCESS - Cache Find against file format found 1 record, query: syslanguage="en" and name="login.prompt.g"
831534(1278177) 04/10/2008 16:08:10 RTE D (0x344E5768) DBACCESS - Cache Find against file scmessage found 1 NULL record, query: syslanguage="en" and class="sctitle" and message.id="Login_1"
831534(1278177) 04/10/2008 16:08:10 RTE D Response for format: login.prompt.g in application: login,prompt.for.password, option:0
Cause
Fix
SCR 41342 opened for the Trusted sign-on documentation which does not mention that if you are doing trusted sign-on with the web client, you have to set isCustomAuthenticationUsed to false in the web.xml file.
As a workaround to resolve the trusted sign-on using the web tier SM7.0.1 is to change the "isCustomAuthenticationUsed" value to false in the web.xml file.