Sun OpenSSO Enterprise 8.0 Technical Overview

Authentication Graphical User Interfaces

The OpenSSO Enterprise Authentication Service provides two separate graphical user interfaces. The following sections describe them.

Authentication Service User Interface

The Authentication Service implements a user interface that is separate from the OpenSSO Enterprise administration console. The Authentication Service user interface provides a dynamic and customizable means for gathering authentication credentials. When a user requests access to a protected resource, the Authentication Service presents a web-based login page and prompts the user for the appropriate credentials based on the configured authentication module or chain. Once the credentials have been passed back to OpenSSO Enterprise and authentication is deemed successful, the user may gain access to the protected resource if authorized to do so. The Authentication Service user interface can be used for the following:

Below is a screen capture of the default Authentication Service user interface.

Figure 7–2 Authentication Service User Interface

Screen capture of the Authentication Service User Interface

OpenSSO Enterprise provides customization support for the Authentication Service user interface. You can customize JavaServer Pages™ (JSP™) and the file directory level by organization, service, locale, or client type. See Chapter 13, Customizing the Authentication User Interface, in Sun OpenSSO Enterprise 8.0 Developer’s Guide for more information.

Distributed Authentication User Interface

OpenSSO Enterprise also provides a remote authentication user interface component to enable secure, distributed authentication across two firewalls. A web browser sends an HTTP request to the remote authentication user interface which, in turn, presents the appropriate module login page to the user. The web browser then sends the user login information through a firewall to the remote authentication user interface which, in turn, communicates through the second firewall with OpenSSO Enterprise. The Distributed Authentication User Interface enables a policy agent or an application that is deployed in a non-secured area to communicate with the OpenSSO Enterprise Authentication Service installed in a secured area of the deployment. Figure 7–3 illustrates this scenario.

Figure 7–3 Distributed Authentication Process

This figure illustrates the Distributed Authentication Service located in a non-secured area and the Authentication Service in a secured area.

The Distributed Authentication User Interface uses a JATO presentation framework and is customizable. (See screen capture in Authentication Service User Interface.) You can install the Distributed Authentication User Interface on any servlet-compliant web container within the non-secure layer of an OpenSSO Enterprise deployment. The remote component then works with the Authentication client APIs and authentication utility classes to authenticate web users. For a more detailed description of the process, see User Authentication. For detailed installation and configuration instructions, see Chapter 9, Deploying a Distributed Authentication UI Server, in Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.