Table of Contents
Advertisement
2.2 Possible Configurations
You can configure your J2EE server so that users have direct access to it or so that it is a protected
resource of the Access Gateway. Both configurations use the Identity Server for authentication.
Section 2.2.1, "Allowing Direct Access to the J2EE Server," on page 46
Section 2.2.2, "Protecting the Application Server with the Access Gateway," on page 47
2.2.1 Allowing Direct Access to the J2EE Server
When you configure the Identity Server to provide authentication for the applications on the J2EE
server, the communication process follows the paths illustrated in
Figure 2-1
Browser
1. The user requests access to an application on the J2EE server. The user is redirected to the
Identity Server.
2. The Identity Server prompts the user for a username and password.
3. The Identity Server verifies the username and password against a user store (an LDAP
directory).
4. The Identity Server builds the roles for the user and redirects the user back to the application
server.
5. The agent verifies the user's credentials and obtains the user's role information.
6. The application server allows access to the requested application.
This scenario is most often used when you have users behind your firewall that need access to the
application server. You also have an internal DNS server that resolves the DNS name of the
application server to its IP address.
For configuration information, see
page
47.
46
Novell Access Manager 3.1 SP1 Agent Guide
JBoss Applications Using the Identity Server
Identity Server
2
4
4
1
Section 2.3, "Configuring the Agent for Direct Access," on
3
5
J2EE Server with
Agent and Applications
6
Figure
2-1.
LDAP
Directories
Advertisement
Chapters
Table of Contents
