Sunday, 19 April 2009

Secure Portal - My First Observations

Well, it's been an interesting few days. A colleague and I spent some quality time building a prototype of a secure portal. This is part of a larger project to provide single sign-on from the Windows desktop to back-end applications such as SAP, via portlets.

For the prototype, we used: -

MS Windows Server 2003 Enterprise Service Pack 2
MS Active Directory 2003
WebSphere Portal Express
Tivoli Access Manager for eBusiness 6.1 ( including GSKit, Policy Directory, WebSEAL etc. )

In essence, WebSEAL uses a "junction" to intercept certain URLs e.g. /wps/myportal etc. to direct users to its own HTTP server instance, where the user is requested to sign on using Basic Authentication ( log-in window ) or Forms-based Authentication ( log-in form appears in page ). Once the user is authenticated, they are directed back to the portal server.

TAM can also be used to provide authorization, so that portal resources ( portlets, pages etc. ) can be authorised by TAM roles, rather than the default of using LDAP groups.

The order of play was roughly: -
I'm going to do a more complete write-up as time permits, but we did learn a few lessons: -
Will post more when I get some more time ...

I'm looking forward to read about SSL and security.

I see a number of projects that simply overlook the SSL bit and ends up being ... non-secure even with TAM & Co.
Daniele, thanks for the comments - for this particular prototype, we did not include SSL encryption, but it is is important, especially in extranet and internet portal solutions. As with all things, the requirements should lead to the solution design, rather than being purely based on ease, pragmatism, cost etc.
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]