A Thai Bank customer is looking to further enhance their Sun Access Manager deployment. I have previously deployed Access Manager Policy Agent for them. This Policy Agent will authenticate with the back-end Access Manager directly (by-passing a firewall which sits in-between).
See dotted blue-line for current deployment.
Well, with Sun Access Manager, there is another component which we can plug in-between which will not violate the rule of by-passing the firewall - Distributed Authentication UI Server.
It sits very nicely in the same zone (application zone) where the Policy Agents is. And it can bridge the gap between the user's browser (internet zone) and the Sun Access Manager (database zone) for user's authentication.
Simple idea. Great solution!
See more here.