(Last Update : 2012.4.26)

What is HP IceWall SSO Agent Option?

Introducing the HP IceWall SSO Agent Module (this option) on an existing Web server enables access to Web applications without going through a reverse proxy.

· URLs used to access Web application servers remain intact after deployment

A forwarder*, which provides reverse proxy based authentication, runs in front of the Web servers: it receives requests from the clients and relays them to the Web servers. (See Figure 1 below.)
*A forwarder acts as a reverse proxy that sits between the Web clients and the back-end servers.

For this reason, deploying HP IceWall SSO in a reverse proxy configuration on an existing system changes the URLs used to access the Web application servers.
Example:
  Before forwarder deployment: http://data.hp.com/index.html
  After forwarder deployment: http://www.hp.com/fw/dfw/DATA/index.html
On the other hand, agent based authentication differs from reverse proxy based authentication in that it relies on authentication agents that are installed directly on existing Web servers and run as an integral part of the Web servers. (See Figure 2 below.)

Even after the deployment of the agents, the client will continue to directly access the Web servers and thus the URLs used to access the Web servers will remain intact.
Example:
  Before agents deployment: http://data.hp.com/index.html
  After agents deployment: http://data.hp.com/index.html

· No content conversion occurs

A forwarder that provides reverse proxy based authentication receives all requests from the clients and relays them to the back-end Web servers. This process involves automatically replacing the URLs used to access the Web servers with URLs that go through the forwarder. In contrast, no content conversion occurs with agent based authentication, since it provides direct access to the existing Web servers.
This eliminates the need to revert keyword changes that might otherwise occur when the solution is deployed.

· Provides as high a level of access control as when a forwarder is used

Installing the agents on Web servers allows them to provide as high a level of access control as when a forwarder is used.
In addition, the agents provide more granular access control by allowing you, for example, to specify particular content files that can be accessed without authentication and authorization, or without authorization.

· User information of logged-in users can be obtained from HTTP headers

A forwarder provides the Web servers with HTTP headers that include, among other things, the user information of logged-in users and the session information specific to HP IceWall SSO.
Similarly, agents can be configured to supply the Web servers with HTTP headers that include user and session information.

· Allows you to specify content files that can be accessed without authentication / authorization

Agents allow you to specify content files accessible without authentication / authorization. Users can view the specified content files under the control of agents without having to log in to HP IceWall and without being subject to access control.
This way you can avoid unnecessary authentication and authorization, thus reducing the network load and improving performance.
You can specify the files residing under a specific directory path or having a specific file name extension as those accessible without authentication / authorization.

· Allows you to specify content files that can be accessed without authorization

Agents allow you to specify content files accessible without authorization. Access control is applied to users only the first time they request these files; after that, the agents allow access automatically, without applying access control, until the timer times out.
This reduces the overhead of access control, thus enabling faster content browsing, reducing the network load, and improving performance.
You can specify the files residing under a specific directory path or having a specific file name extension as those that can be accessed without authorization until the timer expires.
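
The three levels described above (content served without authentication / authorization, content where access control is applied only on the first request until the timer expires, and fully controlled content), modelled as an added example that is not HP IceWall code or configuration syntax. The rule lists, the ACL, the 300-second timer and the per-user, per-path cache are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical rule sets for illustration; not IceWall configuration syntax.
NO_AUTH_DIRS = ("/public/",)      # served with no login and no access control
NO_AUTH_EXTS = (".css", ".gif")
NO_AUTHZ_DIRS = ("/docs/",)       # access control applied on first request only
NO_AUTHZ_EXTS = (".pdf",)
AUTHZ_TIMER = 300                 # seconds a first-request decision is reused (assumed)


def normalize(raw_path):
    """Drop the query, decode and collapse the path so rules see the file served."""
    return posixpath.normpath(unquote(raw_path.split("?", 1)[0]))


def tier(path):
    """A directory rule OR an extension rule is enough to place a file in a tier."""
    if path.startswith(NO_AUTH_DIRS) or path.endswith(NO_AUTH_EXTS):
        return "public"
    if path.startswith(NO_AUTHZ_DIRS) or path.endswith(NO_AUTHZ_EXTS):
        return "authz-cached"
    return "full"


class Agent:
    def __init__(self, acl):
        self.acl = acl      # {user: set of permitted paths}, constructed sample data
        self.cache = {}     # (user, path) -> time of the first-request check

    def decide(self, user, raw_path, now):
        """Return (allowed, checks performed) for one request; user None = no session."""
        path = normalize(raw_path)
        level = tier(path)
        if level == "public":
            return True, []
        if user is None:
            return False, ["authentication"]
        if level == "authz-cached":
            first = self.cache.get((user, path))
            if first is not None and now - first < AUTHZ_TIMER:
                return True, ["authentication"]   # access control skipped
        allowed = path in self.acl.get(user, set())
        if allowed and level == "authz-cached":
            self.cache[(user, path)] = now
        return allowed, ["authentication", "authorization"]
```

With these constructed rules, `/admin/logo.gif` is served without login because the extension rule matches regardless of directory, and a permission removed after the first request keeps working until the timer expires.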

· Allows you to specify the priority at which the ISAPI filter should be executed (for the IIS version only)

You can configure the priority at which the ISAPI filter should be executed.