Distributed Authentication

Access Manager 7 2005Q4 includes the Distributed Authentication UI, which is a remote authentication UI component that provides for secure, distributed authentication across two firewalls in a deployment. Without the Distributed Authentication UI component, the Access Manager service URLs can be exposed to the end users. This exposure can be avoided by using a proxy server; however, a proxy server is not necessarily an acceptable solution for many deployments.

The Distributed Authentication UI component is installed on one or more servers within the non-secure (DMZ) layer of an Access Manager deployment. A Distributed Authentication UI server does not run Access Manager; it exists only to provide the authentication interface to end users through a web browser.

The end user sends an HTTP request to the Distributed Authentication UI, which in turn presents a login page to the user. The Distributed Authentication component then sends the user's request through the second firewall to an Access Manager server, which eliminates the need to open holes in the firewalls between the end users and the Access Manager server.

For more information, see the Technical Note: Using Access Manager Distributed Authentication.