Monday, November 14, 2011

Agent-less SSO

Sometimes, legacy or COTS (commerical off the shelf) web applications cannot be customized to integrate with Policy Agent. That's where ESSO comes into play (and that explains why ESSO solution is never cheap, besides being cumbersome to deploy. of course, my opinion).

BitKoo and OpenIG have solutions that attempt to resolve this issue.

Basically, a Proxy/Gateway is introduced. This is where the access to the actual application is intercepted and password being replayed securely.

In the case of BitKoo, user credential is stored securely in a keystore.

On the other hand, OpenIG (aka ApexIdentity Gateway) integrates, out-of-the-box, with all 3rd party web access management solutions (e.g. OpenAM).

The key point is any web application can come on-board without ever modifying the target application again.


No comments:

Post a Comment