Portal Server and Access Manager on Different Nodes
Chapter 5 Creating Your Portal Design 105
Portal Server and Access Manager on Different
Nodes
Portal Server and Access Manager can be located on different nodes. This type of
deployment provides the following advantages:
• Identity services can be deployed separately from portal services. Portal Server
can be one of many applications using identity services.
• Authentication and policy services can be separate from provider applications
including Portal Server related applications.
• Access Manager can be used by other web containers to assist with
development of portal customizations.
The Access Manager SDK consists of the following components:
Identity Management SDK–provides the framework to create and manage users,
roles, groups, containers, organizations, organizational units, and
sub-organizations.
Authentication API and SPI–provides remote access to the full capabilities of the
Authentication Service.
Utility API–manages system resources.
Loggin API and SPI–records, among other things, access approvals, access denials
and user activity.
Client Detection API–detects the type of client browser that is attempting to access
its resources and respond with the appropriately formatted pages.
SSO API–provides interfaces for validating and managing session tokens, and for
maintaining the user’s authentication credentials.
Policy API–evaluates and manages Access Manager policies and provides
additional functionality for the Policy Service.
SAML API–exchanges acts of authentication, authorization decisions and attribute
information.
NOTE When Portal Server and Access Manager are on different nodes, the
Access Manager SDK must reside on the same node as Portal Server.
The web application and supporting authentication daemons can
reside on a separate node from the Portal Server instance.