You install the Distributed Authentication UI server subcomponent on one or more servers within the DMZ layer of an OpenSSO Enterprise deployment. This subcomponent acts as an authentication interface between end users and the OpenSSO Enterprise instances behind the second firewall, thus eliminating the exposure of the OpenSSO Enterprise service URLs to the end users.
The following figure shows a Distributed Authentication UI server deployment scenario.
The Distributed Authentication UI server must be installed in a supported web container, as listed in OpenSSO Enterprise 8.0 Requirements.
To generate a Distributed Authentication UI server WAR file, your JAVA_HOME environment variable must point to a JDK of version 1.5 or later.
Several other considerations for a Distributed Authentication UI server include:
If you are deploying multiple Distributed Authentication UI servers behind a load balancer, stickiness is not required for the load balancer to talk to only one Distributed Authentication UI server for authentication process completion.
The Windows Desktop SSO and MSISDN authentication modules are not supported through the Distributed Authentication UI.