8.7 Understanding the Authentication Process of the Access Gateway Service
When a user requests access to a protected resource, the request can be in one of the following states:
- No session or cookie is established, because this is the user's first request.
- The user's session is a public session because only public resources have been accessed.
- A session is established, the user is authenticated, and the requested resource is from the same cookie domain and uses the same contract.
- A session is established, the user is authenticated, and the requested resource is from the same cookie domain but uses a different contract or the contract has expired.
- A session is established, the user is authenticated, but the request doesn't have a session cookie because the resource is on a different cookie domain.
- A session no longer exists or doesn't exist on the proxy servicing the request.
The Access Gateway Service must handle these conditions and others as it determines whether it
needs to forward a plogin request to the Embedded Service Provider or use the user's existing
authentication credentials. The following flow charts take you through this process.
- Figure 8-4, "Identifying the Requester," on page 258
- Figure 8-5, "Determining the Type of Request," on page 259
- Figure 8-6, "Determining the Protection Type Assigned to the Resource," on page 261
- Figure 8-7, "Evaluating the Cookie Domain," on page 262
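As a troubleshooting aid, the six request states listed above can be modeled as a small classifier. This is an added example, not code from the product, and it does not reproduce the flow charts in Figures 8-4 through 8-7. The cookie jar, session table, domain names, and contract names are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict


class State(Enum):
    FIRST_REQUEST = 1        # no session or cookie established
    PUBLIC_SESSION = 2       # only public resources accessed so far
    SAME_CONTRACT = 3        # authenticated, same cookie domain, same contract
    CONTRACT_MISMATCH = 4    # same cookie domain, different or expired contract
    OTHER_COOKIE_DOMAIN = 5  # authenticated, but no cookie for this domain
    SESSION_MISSING = 6      # cookie sent, session unknown to this proxy


@dataclass
class Session:  # hypothetical model of one entry in a proxy's session table
    authenticated: bool = False
    contracts: Dict[str, float] = field(default_factory=dict)  # name -> expiry


def classify(jar, domain, contract, sessions, now):
    """jar: browser cookies as {cookie domain: session id} (assumed model)."""
    cookie = jar.get(domain)  # the browser sends only this domain's cookie
    if cookie is None:
        # Distinguish a true first request from a user who authenticated
        # under another cookie domain and therefore sent no cookie here.
        elsewhere = any(
            sid in sessions and sessions[sid].authenticated
            for d, sid in jar.items() if d != domain
        )
        return State.OTHER_COOKIE_DOMAIN if elsewhere else State.FIRST_REQUEST
    session = sessions.get(cookie)
    if session is None:
        return State.SESSION_MISSING  # expired, or held by another proxy
    if not session.authenticated:
        return State.PUBLIC_SESSION
    expiry = session.contracts.get(contract)
    if expiry is not None and expiry > now:
        return State.SAME_CONTRACT
    return State.CONTRACT_MISMATCH  # contract never satisfied, or expired


# Constructed sample data: one public and one authenticated session.
NOW = 1000.0
SESSIONS = {
    "s-pub": Session(),
    "s-auth": Session(True, {"contract-a": NOW + 600, "contract-b": NOW - 1}),
}
```

Note that the first and fifth states look identical in the request itself (no cookie); the model separates them only because it can see the whole cookie jar, which a single proxy cannot.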