Security, encryption, and authentication, Portal server deployment components – Sun Microsystems Portal Server 6 User Manual


Portal Server 6 2005Q1 • Deployment Planning Guide

You can add additional servers and Gateways for site expansion. You can also
configure the components of SRA in various ways based on your business
requirements.

Security, Encryption, and Authentication

Portal Server system security relies on the HTTPS encryption protocol, in addition
to UNIX system security, for protecting the Portal Server system software.

Security is provided by the web container, which you can configure to use SSL, if
desired. Portal Server also supports SSL for authentication and end-user
registration. By enabling SSL certificates on the web server, the Portal Desktop and
other web applications can also be accessed securely. You can use the Access
Manager policy to enforce URL-based access policy.

Portal Server depends on the authentication service provided by Sun Java System
Access Manager and supports single sign-on (SSO) with any product that also uses
the Access Manager SSO mechanism. The SSO mechanism uses encoded cookies to
maintain session state.

Another layer of security is provided by SRA. It uses HTTPS by default for
connecting the client browser to the intranet. The Gateway uses Rewriter to enable
all intranet web sites to be accessed without exposing them directly to the Internet.
The Gateway also provides URL-based access policy enforcement without having
to modify the web servers being accessed.

Communication from the Gateway to the server and intranet resources can be
HTTPS or HTTP. Communication within the Portal Server system, for example
between web applications and the directory server, does not use encryption by
default, but it can be configured to use SSL.
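
The following is an added example, not part of the Sun manual: a Python check that walks a deployment inventory, flags the hops this section says may run without encryption, and reports session cookies issued without the Secure attribute. The hostnames, the inventory, and the cookie name `SSOSession` are constructed assumptions, not Portal Server values.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

ENCRYPTED = {"https", "ldaps"}
PLAINTEXT = {"http", "ldap"}

# Constructed inventory of (hop, URL); hostnames are placeholders.
HOPS = [
    ("browser -> Gateway", "https://gateway.example.com/"),
    ("Gateway -> Portal Server", "http://portal.internal.example/portal"),
    ("Gateway -> intranet site", "https://wiki.internal.example/"),
    ("web application -> directory server", "ldap://ds.internal.example:389"),
]

# Constructed Set-Cookie header; "SSOSession" is a hypothetical cookie name.
SET_COOKIE = "SSOSession=constructed-token; Path=/; Domain=.example.com"


def plaintext_hops(hops):
    """Return the names of hops whose URL scheme carries no transport encryption."""
    findings = []
    for name, url in hops:
        scheme = urlsplit(url).scheme.lower()
        if scheme in PLAINTEXT:
            findings.append(name)
        elif scheme not in ENCRYPTED:
            raise ValueError(f"unrecognized scheme in inventory: {url}")
    return findings


def cookies_without_secure(set_cookie_header):
    """Return cookie names that a browser would also send over plain HTTP."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    return [name for name, morsel in jar.items() if not morsel["secure"]]


def audit(hops, set_cookie_header):
    """Combine both checks: a non-Secure session cookie matters most when
    at least one HTTP hop exists for it to travel over."""
    clear = plaintext_hops(hops)
    weak = cookies_without_secure(set_cookie_header)
    http_hop = any(urlsplit(u).scheme == "http" for _, u in hops)
    return {"plaintext_hops": clear, "cookies_without_secure": weak,
            "session_exposed": bool(weak) and http_hop}


if __name__ == "__main__":
    for key, value in audit(HOPS, SET_COOKIE).items():
        print(f"{key}: {value}")
```
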

Portal Server Deployment Components

Portal Server deployment consists of the following components:

• Access Manager

Access Manager provides user and service management, authentication and
single sign-on services, policy management, logging service, debug utility, the
administration console, and client support interfaces for Portal Server. This
consists of:
