IceWall SSO

About Single Sign-On

"Single Sign-On (SSO)" provides the users with the ability to go through authentication process only once and then access separate systems and applications without need to log in to each application. Without single sign-on, the users will have to log in (authenticate) to an application or operating system before they can use it.

Such kind of authentication procedure often requires the users to type in a combination of a user ID and password which must be validated by the system before they can get "authenticated."

Unfortunately, these authentication and login processes often place a burden on the users. Particularly in enterprises that are running a wide variation of applications on heterogeneous platforms, the users are very likely to be overburdened by the necessity to complete a login process for each system or application and manage multiple ID and password combinations.

Also, when faced with the complexity of managing multiple IDs and passwords, the users are more prone to write them down on their notebooks or piece of papers. This poses as a risky behavior which may compromise information security.

For the sake of strengthening security by stringently managing IDs and passwords, it results in adverse effects as it is too heavy burden on the users.

These situations are exactly where you can benefit from single sign-on. Single sign-on relieves the users of the burden of memorizing multiple IDs and passwords. The users only have to remember a single password while stringent password management becomes a reality and a higher level of security can be achieved.

Today, single sign-on is a must-have for many enterprises.

No wonder it is a function that plays an essential role in protecting today's businesses from personal information leaks and security threats.

Overview of IceWall

Released in 1997, IceWall SSO has evolved over the last 18 years.originally developed by HP Japan and marketed for the global markets, provides a highly convenient and comfortable yet highly secure environment. Since its first release in 1997, IceWall SSO has seen its adoption in intranet, B-to-C, B-to-B, and many other services globally with more than 40 million user licenses sold so far all over the world. Its latest version, IceWall SSO 10.0, now provides support for new leading-edge technologies such as cloud and virtualization, and the IceWall SSO product line has been extended to include Windows support in addition to the existing HP-UX and Linux versions. Furthermore, the support services for IceWall SSO are planned to continue until 2024, making it a product that has a long and stable service life

Latest version available is 10.0. (as of August 2010) Supported Platforms are Red Hat Enterprise Linux, HP-UX and Windows Server. IceWall SSO mainly has Reverse Proxy type implementation, but it can be configured to work as an Agent type as well depending on the requirements.

IceWall SSO 10.0 for Windows inherited all the benefits including high security, high reliability, and excellent set of basic functionality from the longtime successful HP-UX and Linux versions. IceWall SSO 10.0 for Windows is the choice when Windows platforms is primarily used to run IT system. It assists an enterprise to optimize ROI by allowing to smoothly implement and build an authentication infrastructure (on the SSO system) and thereby reducing the effort to manage the entire system including the authentication infrastructure.

Architecture

IceWall SSO mainly consists of two modules.

A CGI process which works as a Reverse Proxy. It accepts http/https requests from Web browser and forwards them to backend applications.Forwarder also handles loginprocess and authorizations by communicating with Authentication module mentioned below.

A daemon program which accepts requests from Forwarder and performs authentication by getting user information from Certification DB (Directory services or RDB). ICP(IceWall Cert Protocol) is used between Forwarder and Authentication Module.

Contemporary products