4. Product Configuration

The goal of this Implementation Guide is to explain how ClearTrust and SilverStream eXtend Application Server 3.75 can be integrated. It explains how to use ClearTrust as a single sign-on product and to secure pages and other objects on a SilverStream Application Server. It is assumed that the reader has both products up and running and has a working knowledge of them. This document is not intended to suggest optimum installations or configurations.

Integration Overview

The SilverStream Web Server Integration (WSI) module and ClearTrust can be used together on a Web server (IIS or iPlanet). When integrated, ClearTrust will provide authentication and authorization services at the Web server, and the WSI module will provide the access to the SilverStream Application Server.

Because authentication and authorization take place at the Web server with the ClearTrust service, the SilverStream application does not need to know about or check the authorization of every user. Instead, it only needs to authenticate and authorize a single user (the user that the WSI module is configured to use). The WSI module intercepts the authentication headers that will be forwarded to the SilverStream Application Server and replaces the ClearTrust credentials with the credentials of a single known SilverStream user.

The WSI then returns the response. You specify which URLs the WSI module will forward using a configuration file that the WSI reads when the Web server starts. To improve response time, the WSI module will reuse socket connections between itself and the SilverStream server. The WSI maintains a connection pool to the SilverStream server that reuses these connections as needed. With the WSI module, there is no direct communication between the browser and the SilverStream server: all calls pass through the WSI module.

Resource Authorization Process:

1. The user sends in a URL request to access a secure application.

2. The ClearTrust Web Server Plug-in configured on this Web Server checks with the Authorization Server to see if this resource is protected.

3. The ClearTrust Web Server Plug-in then prompts the user to enter his credentials.

4. The ClearTrust Web Server Plug-in sends these credentials to the Authorization Server to authenticate and authorize this user.

5. If this is a user authorized to access SilverStream resources, the request is then processed by the SilverStream WSI module.

6. The SilverStream WSI module forwards the request to the application server host specified in the AgWSI.conf file. It also checks the request for an authentication header and then substitutes the credentials set as defaults in the AgWSI.conf file.

7. The SilverStream server then returns the requested URL to ClearTrust and the user is redirected to the appropriate page.
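The following Python model of steps 2 through 6 is an added illustration, not code from RSA or SilverStream. It shows the ClearTrust decision gating the request and the WSI module replacing any browser-supplied authentication header with the single default identity. The configuration fields, policy layout, user names, host name, and the use of HTTP Basic for the substituted header are all assumptions; the real AgWSI.conf syntax is not shown here.

```python
import base64

# Constructed stand-ins; the real AgWSI.conf syntax and ClearTrust policy
# store are not shown on this page, so every name here is hypothetical.
WSI_CONF = {"forward_prefixes": ["/SilverStream/"],
            "app_server": "appserver.example.internal:8080",
            "default_user": "wsi_svc", "default_password": "constructed-secret"}
POLICY = {"protected_prefixes": ["/SilverStream/"],
          "users": {"alice": "pw-a", "bob": "pw-b"},
          "authorized": {"alice"}}


def basic(user, password):
    """Build an HTTP Basic Authorization header value."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def cleartrust_check(path, creds, policy=POLICY):
    """Steps 2-5: return 200 to continue, 401 to prompt, 403 to deny."""
    if not any(path.startswith(p) for p in policy["protected_prefixes"]):
        return 200                       # unprotected resource
    if creds is None or policy["users"].get(creds[0]) != creds[1]:
        return 401                       # prompt for credentials
    return 200 if creds[0] in policy["authorized"] else 403


def wsi_forward(path, headers, conf=WSI_CONF):
    """Step 6: build the upstream request, or None if the URL is not forwarded."""
    if not any(path.startswith(p) for p in conf["forward_prefixes"]):
        return None
    # Drop whatever authentication header the browser sent (case-insensitive)
    upstream = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    upstream["Authorization"] = basic(conf["default_user"], conf["default_password"])
    return {"host": conf["app_server"], "path": path, "headers": upstream}


def handle(path, headers, creds):
    """Web server pipeline: ClearTrust plug-in first, WSI module second."""
    status = cleartrust_check(path, creds)
    if status != 200:
        return status, None
    return 200, wsi_forward(path, headers)
```

Because the application server only ever sees the one WSI identity, every per-user access decision in this model rests on the ClearTrust check that runs before the WSI module.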
