Application
Integration Options
Some web applications require authenticated information
about the user. This might be the user's name, account number, or
organizational affiliation.
The WSA can optionally pass user-specific information
to an application through cookies, HTTP basic authentication, and
URL mapping. The application trusts this information because it
is based on the WSA's authentication of the user's identity.
For each application the administrator configures the
value of the user-specific information and how that information
is to be passed to the application. A user might have his account
number passed to one application as a cookie and his name and department
to another though a URL.
Application integration provides the best of both worlds:
security is separated from the application, but the applications
can securely benefit from identity-specific user information.
Benefits:
-
Passing user-specific information in HTTP headers
provides a quick way of converting applications with HTTP basic
authentication to certificate-base authentication.
-
Passing user-specific information in cookies provides
a quick way of strengthening applications that use cookies to
track users.
-
Identity-specific URL mapping provides a robust
mechanism for personalizing web sites. This feature allows the
WSA to direct each user to his own set of web pages without
exposing the URLs of those pages to the Internet. Furthermore,
the WSA absolutely prevents one user from accessing another
user's page.
|