Wednesday, June 9, 2010

Sun Access Manager SSO and Passlogix ESSO - Part II


My customer has both Sun Access Manager and Passlogix v-GO SSO in place in his environment.



There are three categories of applications:
1. Client-server applications (legacy mainframe applications)
2. Web applications not protected by Access Manager (off-the-shelf web applications that cannot be customized for Sun Access Manager integration)
3. Access Manager protected web applications


It's a large bank and there are many back-end applications. Running two different SSO technologies in one enterprise environment is fairly complex, but this is only an interim arrangement.


The larger picture is to gradually:
1. Convert the client-server applications to web-based applications
2. Retire the off-the-shelf web applications and build customized web-based applications in their place
3. Standardize all SSO on Sun Access Manager


If the client has SSO like Passlogix on PC, how does Access Manager interact with the client?

I think I can better explain with the following diagram:



1. In front of each application that is to be Access Manager protected, a Policy Agent is deployed. The agent acts as the gatekeeper: it intercepts every request before the application sees it.

2. When an application is accessed for the first time, the agent finds no valid SSO token on the request and redirects the user's browser to the Sun Access Manager login page, passing along the application URL to return to.

3. At this moment the v-GO SSO client on the user's PC recognizes the Sun Access Manager login page as one that needs a User ID and password. It injects the stored credentials and automatically clicks the Submit button on behalf of the user.

4. Sun Access Manager authenticates the credentials, issues an SSO token to the browser as a cookie, and redirects the browser back to the application.

5. The agent, seeing the SSO token on the returning request, validates it with Access Manager, accepts the user as authenticated and grants access to the web application's home page.
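To make the five steps concrete, here is an added example that models the three parties (Policy Agent, Access Manager, v-GO client) as small Python classes and drives one first-time visit through them. It is constructed for this post and is not Sun, Passlogix or customer code; the cookie name `iPlanetDirectoryPro` (Sun AM's default, which a deployment may rename), the login and application URLs, the user directory and the vault contents are all assumptions. It also goes slightly beyond the steps above by showing two checks a practitioner would want: the agent validates the token with Access Manager instead of trusting that a cookie merely exists, and the login page refuses to redirect to a `goto` URL that is not a registered application.

```python
# Added example: a self-contained model of the five-step flow above.
# Constructed for this page; NOT Sun Access Manager, Policy Agent or
# Passlogix v-GO code. URLs, cookie name and users are assumptions.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Sun AM's default SSO cookie name; deployments may rename it (assumed here).
COOKIE_NAME = "iPlanetDirectoryPro"
# Hypothetical login page and protected application URLs.
LOGIN_URL = "https://am.example-bank.test/amserver/UI/Login"
APP_URL = "https://hr.example-bank.test/portal/home"


class AccessManager:
    """Authenticates users, issues SSO tokens and validates them on request."""

    def __init__(self, users, allowed_goto_prefixes):
        self._users = users                      # constructed {uid: password}
        self._allowed = tuple(allowed_goto_prefixes)
        self._sessions = {}                      # token -> uid

    def login_page(self, goto):
        # Step 2: where the agent sends an unauthenticated browser.
        return f"{LOGIN_URL}?{urlencode({'goto': goto})}"

    def authenticate(self, uid, password, goto):
        # Step 4: check credentials, then mint an unguessable token.
        if self._users.get(uid) != password:
            return None
        # Only redirect back to registered applications: an unchecked
        # 'goto' would turn the login page into an open redirect.
        if not goto.startswith(self._allowed):
            return None
        token = secrets.token_urlsafe(24)
        self._sessions[token] = uid
        return {"set_cookie": (COOKIE_NAME, token), "redirect": goto}

    def validate(self, token):
        """Agent-side check: a cookie is only as good as AM says it is."""
        return self._sessions.get(token)


class PolicyAgent:
    """Gatekeeper in front of one application (step 1)."""

    def __init__(self, am, app_url):
        self._am = am
        self._app_url = app_url

    def handle(self, cookies):
        token = cookies.get(COOKIE_NAME)
        uid = self._am.validate(token) if token else None
        if uid is None:
            return {"status": 302, "location": self._am.login_page(self._app_url)}
        return {"status": 200, "user": uid}          # step 5


class VGoClient:
    """Models the desktop SSO agent: recognises the AM login page and
    supplies the credentials stored in its vault (step 3)."""

    def __init__(self, vault):
        self._vault = vault                          # {login_url: (uid, password)}

    def fill(self, location):
        return self._vault.get(location.split("?", 1)[0])


def first_access(agent, am, vgo, cookies):
    """Drive one first-time visit. 'cookies' is the browser's cookie jar
    and is updated in place. Returns the final agent response."""
    resp = agent.handle(cookies)                     # step 2
    if resp["status"] == 200:
        return resp
    creds = vgo.fill(resp["location"])               # step 3
    if creds is None:
        return {"status": 401, "reason": "no stored credentials"}
    goto = parse_qs(urlparse(resp["location"]).query)["goto"][0]
    issued = am.authenticate(creds[0], creds[1], goto)   # step 4
    if issued is None:
        return {"status": 401, "reason": "authentication failed"}
    name, value = issued["set_cookie"]
    cookies[name] = value                            # browser stores the SSO cookie
    return agent.handle(cookies)                     # step 5


if __name__ == "__main__":
    am = AccessManager({"jdoe": "S3cret!"}, ["https://hr.example-bank.test/"])
    agent = PolicyAgent(am, APP_URL)
    vgo = VGoClient({LOGIN_URL: ("jdoe", "S3cret!")})
    jar = {}
    print(first_access(agent, am, vgo, jar))        # {'status': 200, 'user': 'jdoe'}
```

Two things the model makes visible. First, because the v-GO client submits the Access Manager password automatically, the login page is still a plain password login; the security of the whole chain then rests on how well the v-GO credential store on the PC is protected. Second, once the token is in the browser's cookie jar, every further Access Manager protected application is reached without a login page at all, which is the point of the design, but it also means a stolen or forged cookie must be rejected by the agent's validation call rather than accepted on sight.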

