One way Access Manager achieves this integration is through the Access Gateway component – an HTTP proxy. As the access point for web applications, it provides security via:
- Web single sign-on
- Identity injection
- Data encryption
And it does all this without requiring modification to web applications.
Your administrator can configure different single sign-on policies for each resource and require different Authentication Contracts as needed.
When a user attempts to access a resource with an authentication requirement, Access Gateway redirects the user to Identity Server with a request for a specific Authentication Contract.
After Identity Server provides the required validation, the user automatically returns to Access Gateway with a successful authentication and role information.
The role information – which can be supplemented by additional queries of the user's identity – determines whether the user is authorized to access the requested resource. Access Gateway also forwards identity information to the web server, and you can use this information to personalize content or perform additional policy enforcement. For example, the policy-enabled identity injection feature of Access Gateway can leverage the SAML interface to extract identity information and then inject it into web headers or query strings.
With Access Gateway, your existing web applications can support new identity services without any modification, and you can narrow authorization requirements down to a specific URL.
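The request flow described above (per-URL policy, redirect to Identity Server for a specific Authentication Contract, role-based authorization, then identity injection into headers) can be modeled as follows; this is an added sketch, not Access Manager code or configuration. The policy table, contract names, header names, session layout and `idp.example.com` URL are constructed assumptions, and dropping client-supplied copies of the injected headers is a hardening step assumed here rather than stated on the page.

```python
from urllib.parse import quote

# Hypothetical policy table: URL prefix -> required contract, allowed roles,
# and which identity attributes are injected into which headers.
POLICIES = {
    "/hr/payroll": {"contract": "x509", "roles": {"payroll"},
                    "inject": {"X-User": "cn", "X-Mail": "mail"}},
    "/hr": {"contract": "password", "roles": {"employee", "payroll"},
            "inject": {"X-User": "cn"}},
}
IDP_LOGIN = "https://idp.example.com/login"  # placeholder Identity Server URL


def match_policy(path):
    """Longest-prefix match, so a specific URL can carry a stricter policy."""
    hits = [p for p in POLICIES if path == p or path.startswith(p + "/")]
    return POLICIES[max(hits, key=len)] if hits else None


def handle(path, client_headers, session=None):
    """Return (status, headers) the gateway would produce for one request."""
    policy = match_policy(path)
    # Drop any client-supplied copy of a header the gateway injects, so the
    # web server only ever sees values that came from the identity session.
    managed = {h.lower() for p in POLICIES.values() for h in p["inject"]}
    upstream = {k: v for k, v in client_headers.items()
                if k.lower() not in managed}
    if policy is None:
        return 200, upstream  # unprotected resource, no identity forwarded
    # No session, or the session lacks the required contract: send the
    # browser to Identity Server and name the contract that is needed.
    if session is None or policy["contract"] not in session["contracts"]:
        target = quote(path, safe="")
        return 302, {"Location":
                     f"{IDP_LOGIN}?contract={policy['contract']}&target={target}"}
    # Authorization: the role information decides access to this URL.
    if not policy["roles"] & set(session["roles"]):
        return 403, {}
    # Identity injection: copy selected attributes into request headers.
    for header, attr in policy["inject"].items():
        upstream[header] = session["attributes"][attr]
    return 200, upstream
```

A web server that personalizes content from such headers should accept requests only from the gateway, since the headers are only as trustworthy as the path they arrived on.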
Access Gateway can encrypt web server content, so there's no need to install SSL certificates on each server. Because the single sign-on process is browser-based, there's no client to install on end-user machines.