Monday, February 25, 2019

Implementing Web Policy Agent on AWS

In my previous post on Single Sign-On with AWS Cognito, my team successfully demonstrated a way to implement Cross-Domain Single Sign-On with AWS Cognito.

There are many ways to implement SSO. For a start, since Azlabs is very familiar with how Single Sign-On works, the team chose to minimize the changes required on existing applications that were protected by traditional web policy agents. 

The assumption is that if any of our customers were to port over to AWS, there would be minimal impact during migration.

How can we achieve this? 

Let's take a look at how traditional SSO works. 
1. There is a Policy Server where A+A (Authentication & Authorization) takes place.
2. There is a Web Server where a web application (Web Resource) is deployed.
3. There is a Web Policy Agent sitting on the same Web Server intercepting traffic to the Web Resource. 
4. The Web Policy Agent queries the Policy Server for A+A decisions.
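
The four steps above, as an added sketch that is not code from this post or from Azlabs: a WSGI middleware plays the Web Policy Agent and an in-process function stands in for the Policy Server. The cookie name `sso`, the login URL, the sample sessions and rules, and all function names are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample data standing in for the Policy Server's session store and rules.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
RULES = {"/app/admin": {"alice"}, "/app": {"alice", "bob"}}

def policy_server_decide(token, path):
    """Policy Server (step 1): authenticate the token, then authorize the path."""
    user = SESSIONS.get(token)
    if user is None:
        return "LOGIN"                      # no valid session: authentication needed
    # Longest matching path prefix wins; a path with no rule is denied.
    for prefix in sorted(RULES, key=len, reverse=True):
        if path == prefix or path.startswith(prefix + "/"):
            return "ALLOW" if user in RULES[prefix] else "DENY"
    return "DENY"

class PolicyAgent:
    """Web Policy Agent (step 3): intercepts traffic to the Web Resource."""
    def __init__(self, app, decide, login_url="https://login.example.test/"):
        self.app, self.decide, self.login_url = app, decide, login_url

    def __call__(self, environ, start_response):
        cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        token = cookie["sso"].value if "sso" in cookie else None
        try:
            # Step 4: ask the Policy Server for the A+A decision.
            decision = self.decide(token, environ.get("PATH_INFO", "/"))
        except Exception:
            decision = "DENY"               # fail closed if the Policy Server errors out
        if decision == "ALLOW":
            return self.app(environ, start_response)
        if decision == "LOGIN":
            start_response("302 Found", [("Location", self.login_url)])
            return [b""]
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"forbidden"]

def web_resource(environ, start_response):
    """Web Resource (step 2): unchanged application code behind the agent."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"protected content"]

def request(agent, path, cookie=""):
    """Drive one constructed request through the agent; return the status line."""
    seen = []
    agent({"PATH_INFO": path, "HTTP_COOKIE": cookie}, lambda s, h: seen.append(s))
    return seen[0]
```

The Web Resource never sees a request the agent has not cleared, which is why existing applications need no changes when the Policy Server behind the agent is swapped.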

Illustration 1


Illustration 2


Let's build a "Policy Agent + Policy Server" concept in AWS!



