Sun Microsystems 2005Q1 Server User Manual


 
SRA Gateway
Chapter 2 Portal Server Secure Remote Access Architecture 39
Proxy Configuration
The Gateway uses proxies that are specified in its profile to retrieve contents from
various web servers within the intranet and extranet. You can dedicate proxies for
hosts and DNS subdomains and domains. Depending on the proxy configuration,
the Gateway uses the appropriate proxy to fetch the required contents. If the proxy
requires authentication, the proxy name is stored as part of the gateway profile,
that the Gateway uses automatically, when connecting to the proxy.
Gateway and HTTP Basic Authentication
The Gateway supports basic authentication, that is, prompting for a user ID and
password but not protecting those credentials during transmission from the user’s
computer to the site’s web server. Such protection usually requires the
establishment of a secure HTTP connection, typically through the use of SSL.
If a web server requires basic authentication the client prompts for user name and
password and sends the information back to the requesting server. With the
Gateway enabled for HTTP basic authentication, it captures the user name and
password information and stores a copy in the user’s profile in the Access Manager
for subsequent authentications and login attempts. The original data is passed by
the Gateway to the destination web server for basic authentication. The web server
performs the validation of the user name and password.
The Gateway also enables fine control of denying and allowing this capability on
an individual host basis.
Gateway and SSL Support
The Gateway supports both SSL v2 and SSL v3 encryption while running in HTTPS
mode. You can use the Access Manager administration console to enable or disable
specific encryption. The Gateway also supports Transport Layer Security (TLS).
SSL v3 has two authentication modes:
NOTE Session stickiness is not required in front of a Gateway (unless you
are using Netlet), however performance is improved with session
stickiness. On the other hand, session stickiness to the Portal Server
instances is enforced by SRA.