SSO authentication introduces some technical challenges besides providing obvious benefits. Imagine for example that you need to assign different types or levels of authentication to different resources or different actions within a domain. E.g. you allow users to view information, if they successfully authenticate using user name and password, while you may require them to insert a special security code besides user name and password, if they want to start editing. Or you allow users to access general content using user name and password, while accessing specific content (e.g. admin content) needs a security certificate.
Now, what if the user is logged-in with one level or type of authentication, while she attempts to access a resource that requires a different level or type of authentication? Will she be asked to log-in again? What happens to the SSO session technically in such cases?
Liferay is a popular open source portal solution written in J2EE technology. It features abundance of portlets and plug-ins, as well as many integration options for popular access management and identity solutions. Unfortunately, OpenDJ is not found anywhere in the official (or extra official) documentation. No need to worry as the set-up is more or less trouble-free.