| Authentication |
Verifies the user ID and password entered by a user who attempts to login, in order to confirm that the user is a registered legitimate user. |
| Authorization |
Controls access on a URL by URL basis by verifying whether a user who requests access to a service is authorized to access the service. |
Single Sign-On
(SSO) |
Provides the users with the ability to authenticate only once and then have access to all of the applications, documents, database, and other services they are authorized to use without any additional authentication. |
| Session Management |
HP IceWall SSO uses session IDs to manage single sign-on sessions. It performs authentication (logon state) verification and user access control (per URL) by referencing the session IDs. Session management provides support for browsers with cookies disabled as well. |
| Reverse Proxy |
When a client requests access to one of the Web servers that reside on the backend, the IceWall server accepts the request before they reach the backend. Then the IceWall server analyzes the URL specified in the request and relays the request information to the appropriate backend Web server.
Since all client access requests are handled through the IceWall server, you can create a highly secure environment by ensuring the security of the IceWall server. |
| URL Conversion (URL Masking) |
Substitutes a specified replacement name for the host or domain name part of every URL that is contained in the information received from a back-end Web server. This functionality ensures that any backend Web server information is invisible to (masked from) the clients. |
| Keyword Conversion (Keyword Masking) |
This functionality complements URL Conversion by substituting specified replacement strings for certain keywords that may be contained in the information received from a backend Web server. |
| Information Inheritance |
Populates HTTP headers with environment variables including user login credentials as well as appropriate information from the authentication database so that the backend Web servers can inherit those environment variables. You can specify which environment variables should be passed to which back-end Web server. |
| Password Update |
Allows end users to change their own passwords registered with the authentication database. HP IceWall SSO supports very strong password policies and also provides the ability to output password expiration warnings. |
| Automatic Form Authentication |
Most conventional solutions do not fully support Web servers that use form authentication and require you to customize or modify such backend Web servers before you can establish connection with them. In contrast, with its extensive support for 48 patterns based on 11 different form authentication methods, HP IceWall SSO allows you to connect to any backend Web servers that use form authentication by just configuring a few settings on the IceWall server without having to modify the servers themselves. |
| User exit routines |
HP IceWall SSO comes with user exit routines (extended APIs) that allow you to support a variety of standard authentication methods and modify HTTP message formats among other things. |
| Anti Cross Site Scripting |
Applications running on backend Web servers are often vulnerable to malicious scripts that attempt to steal cookies or other user specific information.
Web application level attacks that use such malicious scripts are referred to as "Cross Site Scripting."
As preventive measures against Cross-Site Scripting, HP IceWall SSO provides four filters: GET Send Data, POST Send Data, HTML, and Host filters.
HP IceWall SSO also allows you to capture logs of access attempts that would be blocked with the filters enabled, rather than actually applying the filter settings. This is helpful in creating more effective Anti Cross Site Scripting filter settings. |
| Anti Buffer Overflow |
A "Buffer Overflow" attack occurs when attackers purposely overload the buffer on a Web server to wreak havoc on the victim machine by sending requests that contain extraordinarily long URLs to the server.
When HP IceWall SSO encounters a URL or QUERY_STRING value longer than a certain limit, it prevents possible Buffer Overflow attacks by truncating the value. |
| Verbose Logging |
HP IceWall SSO allows you to capture the following logs: error logs; trail logs useful in monitoring any unauthorized login attempts; performance logs useful in monitoring how long it takes for the back-end Web servers and the authentication database to respond; traffic logs useful in monitoring the number of access and login attempts; and status logs useful in monitoring the number of logged-in users. |
| Performance Monitoring Tools |
Performance Monitor Tools can be used to generate performance reports.
Using Performance Monitor Tools, you can easily analyze the performance of HP IceWall SSO.
These tools are useful, for example, in performance testing prior to the production deployment of HP IceWall SSO or in analyzing performance issues that may occur on the production system. |
Printable version
