Note |
---|
NOTE: Ubisecure product names were unified in autumn 2011. All products which started with term "Ubilogin" were renamed to start with term "Ubisecure". In documentation this name change is implemented retroactively, i.e., the new naming practice is used also when referring to old software versions which started with term "Ubilogin" at the time of their release. |
About This Documentation
This documentation This page describes the Ubisecure Certificate Authentication Provider and how it is used with the Ubisecure Authentication Server to create extensible authentication systems.
Ubisecure Certificate Authentication Provider is a standalone SAML IdP that performs client certificate authentication. This allows users to authenticate using browser-based client certificates or integrate with smart-card based client certificates. It is configured as an Authentication Method of the Ubisecure Authentication Server.
Ubisecure Certificate Authentication Provider is a standard Java Servlet web application deployed on a pre-configured standalone Apache Tomcat application server that is included in the distribution package.
...
Excerpt | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Ubisecure Single Sign-OnThe Ubisecure Single Sign-On software product provides a web access management solution that enables access management and single sign-on user authentication using a wide selection of authentication methods, for example: username and password, One-Time Passwords, smart card (or other client certificate), or GSM short messages (plain text or signed). Ubisecure Single Sign-On Authentication Process
Ubisecure Authentication Server authenticates users, implements access control and sends authentication information in encrypted format to Ubisecure Web Applications. The Ubisecure Web Application deciphers and validates authentication information received from the Authentication Server and allows validated requests to get through to the web application. The Web Application also passes information about the authenticated identity to the web application. Ubisecure Authentication ProvidersUbisecure Authentication Providers extend the available authentication methods available to Ubisecure Authentication Server (UAS) in cases where authentication must be performed on a different network or platform. There are four types of Ubisecure Authentication Providers:
Ubisecure Authentication Provider Authentication ProcessUbisecure Authentication Server and an Authentication Provider interoperate in a similar way to Ubisecure Authentication Server and a Web Application. All communication between UAS and the Authentication Provider is done through browser redirects.
Although the functionality provided by the Authentication Provider is very similar to the functionality provided by UAS, there are however some key differences:
DeploymentThe Authentication Provider architecture makes it possible to install UAS and the Authentication Provider on disconnected networks. Only the user's browser needs to connect to both servers. No direct connection between Ubisecure Authentication Server and the server running Ubisecure Authentication Provider is required. This possibility enables very advanced scenarios. Windows Authentication ProvidersSome authentication protocols, such as the Windows Integrated protocol with Internet Explorer or Firefox, are only enabled for Intranet use, because they require that the client computer is on the same Active Directory domain. With Ubisecure solution, it is possible to install a Windows Authentication Provider on the Intranet even if the Ubisecure Authentication Server is connected to the Internet. Organization to Organization Authentication Providers
Identity MappingsThe Authentication Provider passes the name of the authenticated identity to UAS. UAS maps this identity to a Ubisecure identity. UAS manages separate identity mappings for each Authentication Provider. |
...