Sun Java System Access Manager 7.1 Technical Overview

Distributed Authentication User Interface

Access Manager provides a remote authentication user interface component to enable secure, distributed authentication across two firewalls. A web browser sends an HTTP request to the remote authentication user interface which, in turn, presents a login page to the user. The web browser then sends the user's login information through the first firewall to the remote authentication user interface which, in turn, communicates through the second firewall with the Access Manager server. In this way the Distributed Authentication User Interface enables a policy agent or an application that is deployed in a non-secured area to communicate with an instance of the Access Manager Authentication Service installed in a secured area of the deployment. The following figure illustrates this scenario.

Figure 3–1 Distributed Authentication

This figure illustrates the Distributed Authentication Service located in a non-secured area and the Authentication Service in a secured area.

The Distributed Authentication User Interface uses the JATO presentation framework and is customizable. (See the screen capture in Authentication Service User Interface.) You can install the Distributed Authentication User Interface on any servlet-compliant web container within the non-secure layer of an Access Manager deployment. The remote component then works with the Authentication client APIs and authentication utility classes to authenticate web users. For a more detailed process flow, see User Authentication. For detailed installation and configuration instructions, see Chapter 11, Deploying a Distributed Authentication UI Server, in Sun Java System Access Manager 7.1 Postinstallation Guide.
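
The following sketch is an added example, not code from Access Manager or from the Distributed Authentication User Interface itself. It shows the callback-driven exchange that a remote component can carry out with the Authentication Service through the client SDK's `AuthContext` class: the server states what it requires, and the remote side collects and submits it. It assumes the client SDK is on the classpath and already configured to reach the server; the class name `RemoteLoginSketch` and the default realm `/` are illustrative.

```java
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.AuthContext;
import java.io.Console;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;

public class RemoteLoginSketch {                       // hypothetical class name
    public static void main(String[] args) throws Exception {
        String realm = args.length > 0 ? args[0] : "/"; // assumption: root realm
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("an interactive console is required");
        }
        // The remote side never checks credentials itself; it relays them
        // to the Authentication Service in the secured area.
        AuthContext ctx = new AuthContext(realm);
        ctx.login();
        while (ctx.hasMoreRequirements()) {
            Callback[] callbacks = ctx.getRequirements(); // what the server asks for
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    NameCallback nc = (NameCallback) cb;
                    nc.setName(console.readLine("%s", nc.getPrompt()));
                } else if (cb instanceof PasswordCallback) {
                    PasswordCallback pc = (PasswordCallback) cb;
                    char[] pw = console.readPassword("%s", pc.getPrompt());
                    if (pw == null) throw new IllegalStateException("no password entered");
                    pc.setPassword(pw);      // the callback keeps its own copy
                    Arrays.fill(pw, '\0');   // wipe the local copy
                } else {
                    throw new UnsupportedOperationException(cb.getClass().getName());
                }
            }
            ctx.submitRequirements(callbacks);
            for (Callback cb : callbacks) {  // wipe the copies held by the callbacks
                if (cb instanceof PasswordCallback) ((PasswordCallback) cb).clearPassword();
            }
        }
        if (ctx.getStatus() == AuthContext.Status.SUCCESS) {
            SSOToken token = ctx.getSSOToken(); // session issued by the server
            System.out.println("Authenticated as " + token.getPrincipal().getName());
            ctx.logout();                        // end the demonstration session
        } else {
            System.err.println("Authentication failed");
            System.exit(1);
        }
    }
}
```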