Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual page 36


Scenario 2: If you are willing to allow a resource to influence the timeout of another resource,
configure your resources as follows:
Protected resource 1 (PR1) is configured to use contract 1 (C1), which has been created from
method 1 (M1) and placed in a shared activity realm (shared1). For this scenario, you set the
authentication timeout to 30 minutes.
Protected resource 2 (PR2) is configured to use contract 2 (C2), which has been created from
method 2 (M2) and placed in a shared activity realm (shared1). For this scenario, you set the
authentication timeout to 15 minutes.
With this scenario, the user is prompted to log in when accessing PR1 and when accessing PR2.
Activity at either resource updates the shared1 time line. Figure 1-4 illustrates this scenario.
Figure 1-4 (rows: PR1,C1,M1,shared1; shared1 time line; PR2,C2,M2,shared1)
As long as the user is active on PR1, the user's session to PR2 remains active. After 20 minutes of
activity on PR1, the user returns to PR2. The user is allowed access and does not need to log in
because the shared1 time line shows activity within the last 5 minutes. The user remains active on
PR2 for over 30 minutes, then accesses PR1. Again, the shared1 time line shows activity within the
last 5 minutes, so the user is granted access to PR1 without logging in again.
With this configuration, activity at other resources influences the time limits so that they are not
strictly enforced.
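An added example, not taken from the Novell guide or from Access Manager: a simplified Python model of Scenario 2 that replays the sequence above and reports the minutes at which a login prompt would occur. The 5-minute activity interval, the class and function names, and the treatment of a contract with no realm (its own private time line) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Contract:
    name: str
    method: str
    realm: Optional[str]  # None = no shared realm (assumed: own time line)
    timeout: int          # authentication timeout in minutes

class Session:
    def __init__(self):
        self.methods = set()     # methods the user has authenticated with
        self.last_activity = {}  # time line -> minute of last activity

    def access(self, c, now):
        """Record activity at minute `now`; return True if a login is required."""
        line = c.realm if c.realm is not None else "own:" + c.name
        last = self.last_activity.get(line)
        expired = last is None or now - last > c.timeout
        prompt = c.method not in self.methods or expired
        self.methods.add(c.method)
        self.last_activity[line] = now
        return prompt

def scenario2(realm):
    """Replay the page's Scenario 2 sequence with both contracts in `realm`."""
    c1 = Contract("C1", "M1", realm, 30)
    c2 = Contract("C2", "M2", realm, 15)
    steps = [(0, "PR1", c1), (0, "PR2", c2)]              # initial logins
    steps += [(t, "PR1", c1) for t in range(5, 20, 5)]    # active on PR1
    steps += [(20, "PR2", c2)]                            # returns to PR2
    steps += [(t, "PR2", c2) for t in range(25, 56, 5)]   # active on PR2 > 30 min
    steps += [(60, "PR1", c1)]                            # returns to PR1
    s = Session()
    return [(t, res) for t, res, c in steps if s.access(c, t)]

if __name__ == "__main__":
    print("shared1 :", scenario2("shared1"))
    print("no realm:", scenario2(None))
```

With both contracts in shared1 the model prompts only for the two initial logins; with no shared realm it prompts again at minute 20 on PR2 and at minute 60 on PR1, which is the stricter enforcement that the shared realm gives up.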
Scenario 3: If single sign-on is more important than strictly enforcing a timeout value, Novell
recommends that you configure all contracts to have the same authentication timeout value.
If you configure your resources as follows, you might not get the behavior you require:
Protected resource 1 (PR1) is configured to use contract 1 (C1), which has been created from
method 1 (M1) and placed in a shared activity realm (shared1). For this scenario, you set the
authentication timeout to 30 minutes.
Protected resource 2 (PR2) is configured to use contract 2 (C2), which has been created from
method 1 (M1) and placed in a shared activity realm (shared1). For this scenario, you set the
authentication timeout to 15 minutes.
Because C1 and C2 are created from the same method (M1), the user does not need to log in twice to
access both resources. Logging in to one resource allows them access to the other resource.
Figure 1-5 illustrates this scenario.
Figure 1-5 (rows: PR1,C1,M1,shared1; shared1 time line; PR2,C2,M1,shared1)
Figure 1-4: Login Requirements for Separate Methods with a Shared Activity Realm (time axis in minutes)
Figure 1-5: Login Requirements for Shared Methods and Shared Realms (time axis in minutes)
