11. Directory Services Consolidation

...server, they have to be authenticated by another mechanism, usually through LDAP. Since there is no way to pass authentication verification between these two systems, users must log in twice. SiteMinder solves this multiple login problem by providing a central point for all authentication.

Instead of being authenticated by each web service, users are authenticated by SiteMinder. After the user is authenticated, a special encrypted cookie is created and used for subsequent logins to different web-based services and applications. Even though users are automatically authenticated, you can curtail their access rights to specific resources by establishing access control policies through SiteMinder's security policy management features.

How SiteMinder Works

The SiteMinder product provides more than single sign-on capability. A full description of all these features can be found at the Netegrity Web site: http://www.netegrity.com. Included here is a brief description of how SiteMinder works, to give you an idea of how it would be deployed in a corporate environment. The SiteMinder software consists of two main components:

- SiteMinder Policy Server
- SiteMinder Web Agent

The Policy Server provides authentication, among other services, to web-based applications. The Web Agent is integrated with a standard web server and is the component that allows the web server to be managed by SiteMinder. It intercepts all requests for resources (URLs), then decides whether the specified resource is under SiteMinder's control. If it is, the Policy Server is contacted. The Policy Server acts as a front end to whatever authentication method is being deployed within your organization. These include:

- Basic authentication (user-name/password)
- Basic authentication over SSL
- Authentication schemes: ACE/Server (Security Dynamics), CryptoCard
- RADIUS Proxy
- Forms-based authentication
- X.509 certificates
- Custom or third-party schemes

Solaris and LDAP Naming Services

Use some of these schemes in combination to provide stronger authentication. You can establish priority levels for finer control over resources. For example, if users are authenticated by a method that has a lower priority than the resource they are accessing, then an attempt to authenticate them at a higher level is made. Conversely, if users are already authenticated at a high-priority level, then no further authentication is required.
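The agent decision described above (is the URL protected, is there a valid credential, is its priority level high enough), as an added Python sketch that is not SiteMinder or Netegrity code. The key, URL prefixes, level numbers, scheme names and cookie layout are constructed assumptions, and an HMAC tag stands in for the real cookie's encryption, so it shows tamper detection but not confidentiality.

```python
import base64, hashlib, hmac, json, time

# Constructed model for illustration; not SiteMinder's cookie format or API.
AGENT_KEY = b"constructed-demo-key-shared-by-agents"  # assumed shared agent secret
PROTECTED = {"/hr/": 5, "/payroll/": 10}   # URL prefix -> required priority level
SCHEME_LEVEL = {"basic": 1, "basic-ssl": 5, "x509": 10}  # scheme -> level granted
TTL = 3600  # credential lifetime in seconds


def issue_credential(user, scheme, now=None):
    """Policy Server side: bind user, level and expiry under an HMAC tag."""
    now = time.time() if now is None else now
    body = json.dumps({"u": user, "lvl": SCHEME_LEVEL[scheme], "exp": now + TTL})
    payload = base64.urlsafe_b64encode(body.encode())
    tag = hmac.new(AGENT_KEY, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + tag


def read_credential(cookie, now=None):
    """Web Agent side: return claims, or None if forged, malformed or expired."""
    now = time.time() if now is None else now
    try:
        payload, tag = cookie.split(".")
        good = hmac.new(AGENT_KEY, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, good):   # constant-time comparison
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return None
    return claims if claims["exp"] > now else None


def agent_decide(url, cookie, now=None):
    """Decision a Web Agent makes for one intercepted request."""
    required = max((lvl for p, lvl in PROTECTED.items() if url.startswith(p)),
                   default=None)
    if required is None:
        return "pass-through"   # resource is not under policy control
    claims = read_credential(cookie, now) if cookie else None
    if claims is None:
        return "authenticate"   # no usable credential: contact the Policy Server
    if claims["lvl"] < required:
        return "step-up"        # authenticated, but at too low a priority level
    return "allow"              # existing credential suffices: single sign-on
```

A credential that fails verification is treated exactly like a missing one, so a modified cookie can never raise a user's level; it only forces a fresh authentication.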

FIGURE 11-1 illustrates how single sign-on is achieved with SiteMinder.

[FIGURE 11-1: SiteMinder Single Sign-on. Diagram labels: user, URL, Web Server A, Web Agent, User Credential, Web Server B, Web Agent, Policy Server, LDAP, RADIUS, NT Domains]

In FIGURE 11-1, the user accesses a URL that is located on Web server A, which has the SiteMinder Web Agent running on it. The agent checks to see if the requested URL is under SiteMinder control, and if it is, the agent contacts the Policy Server, which authenticates the user according to established policy rules. Once the user is authenticated, an encrypted cookie or user credential is created and passed to the other web servers under SiteMinder control.

When the same user tries to access a URL on Web server B, the Web Agent can then grant access according to the user credential it was passed, eliminating the need for a second user login.

Limitation of SiteMinder

SiteMinder was designed to work in a web server environment, where authentication is triggered upon a URL request. When a user logs into a computer, authentication is handled by the underlying operating system, instead of being initiated by a web server. Since there is no way to pass the authentication information to SiteMinder from the operating system, the user would have to log in again to gain access to web service applications.

Even though SiteMinder is a valuable tool for creating an SSO environment between disparate web applications, the user is still required to log into the platform from which the web applications will be launched. SiteMinder also requires that an agent be installed on each web server that will participate in the SSO environment. The agents are written with web server extension APIs such as ISAPI for Microsoft IIS and NSAPI for iPlanet Web server, and so must be provided by Netegrity.
