Check Point NG VPN-1/FireWall-1: Advanced Configuration and Troubleshooting

Single sign-on (SSO), centralized security, LDAP and Active Directory integration: these are all things that many organizations are trying to achieve. FireWall-1 NG can now start closing some of those gaps, particularly where Web applications are involved. UserAuthority can, for example, authenticate external visitors to your Web site against a centralized Windows Active Directory without modifying the Web site. Check Point supplies WebAccess, a plug-in for IIS that, when combined with the UserAuthority Server, lets Check Point control authentication and traffic flow to your Web server.
UserAuthority can also provide an SSO mechanism for internal users, encompassing internal Web applications and authenticated Internet access. This chapter discusses the features of UserAuthority and the methods for deploying it.
At the heart of UserAuthority is the UserAuthority server. This application performs two functions:
Storage and management of the UA credentials database
Provision of a secure interface, allowing remote applications access to the UA credentials database and context details relevant to a connection or user ID
The user credentials database is called the UA Credentials Manager (UACM). It can be thought of as holding user wallets, each of which stores application authentication credentials for a particular user. So, for example, user Bob could have different usernames and passwords for accessing a Web-based e-mail gateway and an intranet server. This information can be stored in Bob's wallet in the UA credentials database. When Bob accesses a UA-enabled Web application for the first time, he will be...
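To make the two functions of the UserAuthority server concrete (a credentials database of per-user wallets, and an interface that only hands out credentials in the context of an authenticated user), the following is an added illustration written for this page; it is not Check Point code and does not reproduce the UACM's real storage format or the UA server's wire protocol. It assumes a single primary (directory) password per user, a session token issued after that primary authentication, and an in-memory store; all names (`CredentialManager`, `AppCredential`, `demo`) are invented for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Illustrative model only; not the Check Point UACM implementation.

PBKDF2_ROUNDS = 100_000


@dataclass
class AppCredential:
    """One entry in a user's wallet: the login for a single application."""
    username: str
    password: str


class CredentialManager:
    """Toy UACM: per-user wallets, released only to an authenticated session."""

    def __init__(self):
        self._primary = {}   # user -> (salt, pbkdf2 digest) of the directory password
        self._wallets = {}   # user -> {application -> AppCredential}
        self._sessions = {}  # session token -> user

    def register_user(self, user, primary_password):
        # The primary password is never stored in the clear; only a salted PBKDF2 hash.
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", primary_password.encode(), salt, PBKDF2_ROUNDS)
        self._primary[user] = (salt, digest)
        self._wallets.setdefault(user, {})

    def authenticate(self, user, primary_password):
        """Primary (directory) authentication. Returns a session token or None."""
        rec = self._primary.get(user)
        if rec is None:
            # Run the KDF anyway so unknown users are not distinguishable by timing.
            hashlib.pbkdf2_hmac("sha256", primary_password.encode(), b"\0" * 16, PBKDF2_ROUNDS)
            return None
        salt, digest = rec
        candidate = hashlib.pbkdf2_hmac("sha256", primary_password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, digest):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def store_app_credential(self, token, application, username, password):
        """Write an application login into the wallet of the session's owner."""
        user = self._user_for(token)
        self._wallets[user][application] = AppCredential(username, password)

    def lookup(self, token, application):
        """Release an application login only for the user bound to this session."""
        user = self._user_for(token)
        return self._wallets[user].get(application)

    def _user_for(self, token):
        user = self._sessions.get(token)
        if user is None:
            raise PermissionError("invalid or expired session token")
        return user


def demo():
    """Constructed sample data: Bob with logins for webmail and an intranet server."""
    uacm = CredentialManager()
    uacm.register_user("bob", "directory-pw")
    token = uacm.authenticate("bob", "directory-pw")
    uacm.store_app_credential(token, "webmail", "bob.smith", "mail-pw")
    uacm.store_app_credential(token, "intranet", "bsmith", "intra-pw")
    return uacm, token


if __name__ == "__main__":
    uacm, token = demo()
    print(uacm.lookup(token, "webmail"))
```

The point of the model is the access path: a wallet entry is reachable only through a token minted by a successful primary authentication, so a second user, or a caller holding no valid session, gets nothing back. A real deployment also has to protect the wallet contents at rest, which this in-memory sketch does not address.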