SRA Gateway
Portal Server 6 2005Q1 • Deployment Planning Guide
• Mandatory server authentication. The client must authenticate the server.
• Optional authentication. The server is configured to authenticate the client.
Personal Digital Certificate (PDC) authentication is a mechanism that authenticates
a user through SSL client authentication. The Gateway supports PDC
authentication with the support of Access Manager authentication modules. With
SSL client authentication, the SSL handshake ends at the Gateway. PDC-based
authentication is integrated with Access Manager's certificate-based
authentication, so the client certificate is handled by Access Manager and not by
the Gateway.
If the session information is not found as part of the HTTP or HTTPS request, the
Gateway directly takes the user to the authentication page by obtaining the login
URL from Access Manager. Similarly, if the Gateway finds that the session in a
request is not valid, it takes the user to the login URL and, on successful login,
takes the user to the requested destination.
After the SSL session has been established, the Gateway continues to receive the
incoming requests, checks session validity, and then forwards the request to the
destination web server.
The Gateway server handles all Netlet traffic. If an incoming client request is Netlet
traffic, the Gateway checks for session validity, decrypts the traffic, and forwards it
to the application server. If Netlet Proxy is enabled, the Gateway checks for session
validity and forwards it to Netlet Proxy. The Netlet Proxy then decrypts and
forwards it to the application server.
Gateway Access Control
The Gateway enforces access control by using Allowed URLs and Denied URLs
lists. Even when URL access is allowed, the Gateway checks the validity of the
session against the Access Manager session server. URLs that are designated in the
Non Authenticated URL list bypass session validation, as well as the Allowed and
Denied lists. Entries in the Denied URLs list take precedence over entries in the
Allowed URLs list. If a particular URL is not part of any list, then access is denied
to that URL. The wildcard character, *, can also be used as a part of the URL in
either the Allowed or Denied URLs list.
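The decision order described above can be modelled as follows. This is an added illustration, not Sun's Gateway code: the function names, the example.com URLs and the wildcard semantics (* matches any run of characters) are assumptions, as is checking the session before the Allowed and Denied lists.

```python
import re

# Constructed sample lists; hostnames are placeholders.
ALLOWED = ["http://intranet.example.com/*"]
DENIED = ["http://intranet.example.com/hr/*"]
NON_AUTH = ["http://intranet.example.com/images/*",
            "http://intranet.example.com/hr/logo.gif"]

def _matches(pattern, url):
    # Assumption: '*' matches any run of characters; everything else is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, url) is not None

def _any(patterns, url):
    return any(_matches(p, url) for p in patterns)

def decide(url, session_valid, allowed=ALLOWED, denied=DENIED,
           non_auth=NON_AUTH):
    """Return 'allow', 'deny' or 'login' for one request."""
    # Non Authenticated URLs bypass session validation and both lists.
    if _any(non_auth, url):
        return "allow"
    # Missing or invalid session: send the user to the login URL.
    if not session_valid:
        return "login"
    # Denied entries take precedence over Allowed entries.
    if _any(denied, url):
        return "deny"
    # A URL that is in no list is denied.
    return "allow" if _any(allowed, url) else "deny"

def bypasses_deny(urls, denied=DENIED, non_auth=NON_AUTH):
    """Audit helper: URLs a Denied entry covers but that the
    Non Authenticated list lets through without any session."""
    return [u for u in urls if _any(non_auth, u) and _any(denied, u)]

if __name__ == "__main__":
    base = "http://intranet.example.com"
    for url, valid in [(base + "/wiki/", True), (base + "/hr/pay", True),
                       (base + "/wiki/", False), (base + "/images/a.png", False),
                       ("http://other.example.com/", True)]:
        print(url, valid, "->", decide(url, valid))
    print("deny bypassed:", bypasses_deny([base + "/hr/logo.gif", base + "/hr/pay"]))
```

Running bypasses_deny over a list of sensitive URLs when reviewing a configuration shows where a Non Authenticated entry overrides a Denied entry.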
NOTE
Because 40-bit encryption is very insecure, the Gateway provides an
option that enables you to reject connections from a 40-bit
encryption browser.