立即与支持人员聊天
与支持团队交流

Cloud Access Manager 8.1.2 - Security and Best Practice Guide

Single sign-on methods

Dell™ One Identity Cloud Access Manager offers a variety of ways to automate sign-on to suit all types of web application:
Security Assertion Markup Language (SAML) federation and WS-Federation
HTTP Basic and NTLM
Proxied form-fill
Unproxied form-fill

Security Assertion Markup Language (SAML) federation and WS-Federation

Many modern web applications support Single Sign-On (SS0) using identity federation protocols. These methods rely on a separate, independent web system, called an identity provider or Security Token Service which performs the task of authenticating the user.

When multiple applications rely on the same identity provider you only need to enter your credentials once, so SSO is achieved. Dell™ One Identity Cloud Access Manager operates as an identity provider for applications which support SAML or WS-Federation SSO.

This method is generally considered the fastest, most cost-effective, reliable, and efficient way to implement single sign-on for those applications which support it. Some Software-as-a-Service (SaaS) providers levy an additional charge for use of federated SSO, however this should be weighed against the significant advantages of this approach.

HTTP Basic and NTLM

Applications which require HTTP Basic or NT LAN Manager (NTLM) authentication rely on the browser to capture your credentials using a pop-up dialog. Information is then passed to the application in HTTP headers which the application uses to check if the supplied credentials are correct. It is typical for web applications which accept HTTP basic or NTLM authentication to run on an internal corporate network.

When such an application is accessed using the Dell™ One Identity Cloud Access Manager proxy, the proxy can automatically construct the HTTP headers, as the browser would do. By using the username and password previously stored for a user, sign on to the application is automated.

If the application accepts HTTP Basic or NTLM authentication, this approach to Single Sign-On (SS0) is preferred over form-fill techniques, for further information please refer to Proxied form-fill.

Proxied form-fill

Some web applications do not accept HTTP basic or NT LAN Manager (NTLM) authentication, and instead prompt for your credentials by presenting a login form, this is known as forms-based authentication. Forms-based authentication is a common method of authenticating users for both public software as a service (SaaS) and on-premise web applications.

The Dell™ One Identity Cloud Access Manager proxy can automatically insert JavaScript which detects a username and password entered into a login form, and can save that information in your Cloud Access Manager password wallet over a secure channel. Then, once your credentials have been saved and the application is launched again, Cloud Access Manager can detect the username and password fields on an application login form, automatically insert your credentials into the correct fields, and submit the form.

* 
NOTE: This technique is appropriate for applications which do not accept HTTP basic, NTLM, SAML or WS-Federation.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级