Installation guide

Web Policy Agents
14 Sun ONE Identity Server Policy Agents 2.1 Web Policy Agents Guide April 2005
- An agent on a human resources server prevents non-human-resources personnel from viewing confidential salary information and other sensitive data.
- An agent on an Operations web server allows only network administrators to view network status reports or to modify network administration records.
- An agent on an Engineering web server allows authorized personnel from many internal segments of a company to publish and share research and development information. At the same time, the agent restricts external partners from gaining access to the proprietary information.
In each of these situations, a system administrator must set up policies that allow
or deny users access to content on a web server. For information on setting policies
and for assigning roles and policies to users, see the Sun ONE Identity Server
Administration Guide.
How an Agent Interacts With Sun ONE Identity Server
Figure 1-1 illustrates how a policy agent installed on a remote web server interacts with Sun ONE Identity Server. When a user points a browser to a particular URL on a protected web server, the following interactions take place:

1. The agent intercepts the request and validates the existing authentication credentials. If the existing authentication level is insufficient, the appropriate Sun ONE Identity Server authentication service presents a login page. The login page prompts the user for credentials such as username and password.

2. The authentication service verifies that the user credentials are valid. For example, the default LDAP authentication service verifies that the username and password are stored in Sun ONE Directory Server. You might use other authentication modules such as the RADIUS and Certificate modules. In such cases, credentials are not verified by Directory Server but by the appropriate authentication module.

3. If the user's credentials are properly authenticated, the policy agent examines all the roles assigned to the user.

4. Based on the aggregate of all policies assigned to the user, the individual is either allowed or denied access to the URL.
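The four steps above, modelled as a small per-request filter. This is an added illustration, not code from Sun's agent or from the guide: the cookie name, login URL, `goto`/`authlevel` query parameters, and the policy semantics (deny overrides allow; a URL with no matching allow rule is denied; the authentication level is a requirement attached to an allow rule and is enforced by sending the user back to the login page) are all assumptions chosen for the example. The sample sessions and policies are constructed to mirror the three scenarios described earlier.

```python
"""Illustrative model of a web policy agent's per-request decision.
Added example; names and policy semantics below are assumptions."""
import time
from dataclasses import dataclass
from urllib.parse import urlencode

SESSION_COOKIE = "iPlanetDirectoryPro"                          # assumed cookie name
LOGIN_URL = "https://idserver.example.com/amserver/UI/Login"    # assumed login page


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset
    auth_level: int
    expires_at: float


@dataclass(frozen=True)
class Policy:
    url_prefix: str        # resource this rule covers
    roles: frozenset       # roles (subjects) the rule applies to
    action: str            # "allow" or "deny"
    min_auth_level: int = 0


@dataclass(frozen=True)
class Decision:
    status: int            # 200 allow, 302 redirect to login, 403 deny
    location: str = ""


def validate_session(sessions, token, now):
    """Step 1: accept the token only if it is known and has not expired."""
    session = sessions.get(token)
    if session is None or session.expires_at <= now:
        return None
    return session


def login_redirect(url, auth_level=None):
    """Step 1: send the browser to the login page, carrying the original URL
    so the user lands back on the protected resource after authenticating."""
    params = {"goto": url}
    if auth_level is not None:
        params["authlevel"] = auth_level     # assumed parameter name
    return Decision(302, f"{LOGIN_URL}?{urlencode(params)}")


def handle_request(url, cookies, sessions, policies, now=None):
    """The agent's decision for one request."""
    now = time.time() if now is None else now
    session = validate_session(sessions, cookies.get(SESSION_COOKIE), now)
    if session is None:
        return login_redirect(url)           # no valid credentials yet
    # Steps 3-4: aggregate every rule matching the URL and one of the user's roles.
    matching = [p for p in policies
                if url.startswith(p.url_prefix) and p.roles & session.roles]
    if any(p.action == "deny" for p in matching):
        return Decision(403)                 # assumption: deny overrides allow
    allows = [p for p in matching if p.action == "allow"]
    if not allows:
        return Decision(403)                 # assumption: nothing grants access
    needed = max(p.min_auth_level for p in allows)
    if session.auth_level < needed:
        return login_redirect(url, needed)   # step 1: existing level insufficient
    return Decision(200)


# Constructed sample data mirroring the HR, Operations and Engineering scenarios.
NOW = 1_000_000.0
POLICIES = [
    Policy("https://hr.example.com/salary/", frozenset({"hr-staff"}), "allow", min_auth_level=2),
    Policy("https://ops.example.com/", frozenset({"netadmin"}), "allow"),
    Policy("https://eng.example.com/", frozenset({"employee"}), "allow"),
    Policy("https://eng.example.com/", frozenset({"partner"}), "deny"),
]
SESSIONS = {
    "tok-alice": Session("alice", frozenset({"hr-staff", "employee"}), 2, NOW + 600),
    "tok-bob":   Session("bob", frozenset({"netadmin", "employee"}), 1, NOW + 600),
    "tok-carol": Session("carol", frozenset({"partner", "employee"}), 1, NOW + 600),
    "tok-dave":  Session("dave", frozenset({"hr-staff"}), 1, NOW + 600),
    "tok-stale": Session("erin", frozenset({"employee"}), 1, NOW - 1),
}


def decide(url, token=None):
    cookies = {SESSION_COOKIE: token} if token else {}
    return handle_request(url, cookies, SESSIONS, POLICIES, now=NOW)


if __name__ == "__main__":
    print(decide("https://hr.example.com/salary/q1.html"))                # 302 to login
    print(decide("https://hr.example.com/salary/q1.html", "tok-alice"))   # 200
    print(decide("https://hr.example.com/salary/q1.html", "tok-bob"))     # 403
    print(decide("https://eng.example.com/rd/", "tok-carol"))             # 403, deny wins
    print(decide("https://hr.example.com/salary/q1.html", "tok-dave"))    # 302, authlevel=2
```

The carol case is the one worth noticing: she holds the employee role that the Engineering allow rule grants, but the partner deny rule applies as well, and under the aggregate evaluation of step 4 the deny wins. The dave case shows the step-up path from step 1: his session is valid, but its authentication level is below what the salary rule requires, so he is sent back to the login page rather than simply denied.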