3.1 Understanding Access Manager Appliance Process Flow

The following figure illustrates the components and process flow that make up a basic configuration.

Figure 3-1 Basic Process Flow

  1. The user sends a request to Access Gateway for access to a protected resource.

  2. Access Gateway redirects the user to Identity Server, which prompts the user for a username and password.

  3. Identity Server verifies the username and password against an LDAP directory user store (eDirectory, Active Directory, or Sun ONE).

  4. Identity Server returns an authentication artifact to Access Gateway through the browser in a query string.

  5. Access Gateway retrieves the user’s credentials from Identity Server through the SOAP channel in the form of a SOAP message.

  6. Access Gateway injects the basic authentication information into the HTTP header.

  7. The web server validates the authentication information and returns the requested web page.
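The seven steps above can be traced end to end in a small simulation. This is an added example, not code from the product: the class names, the `artifact` query parameter, the single-use artifact, and the sample account are all assumptions made for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs

class IdentityServer:
    """Toy stand-in for steps 3-5 (hypothetical, not the product's code)."""
    def __init__(self, user_store):
        self.user_store = user_store   # constructed sample data in place of LDAP
        self._pending = {}             # artifact -> (username, password)

    def authenticate(self, username, password):
        stored = self.user_store.get(username)            # step 3
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        artifact = secrets.token_urlsafe(24)              # step 4: opaque reference only
        self._pending[artifact] = (username, password)
        return artifact

    def resolve(self, artifact):
        # Step 5: back-channel lookup. Single use is an assumption of this sketch.
        return self._pending.pop(artifact, None)

class AccessGateway:
    def __init__(self, identity_server):
        self.identity_server = identity_server

    def handle_redirect(self, query_string):
        # "artifact" is a hypothetical query parameter name.
        artifact = parse_qs(query_string).get("artifact", [None])[0]
        creds = self.identity_server.resolve(artifact) if artifact else None
        if creds is None:
            return None                                   # unknown or replayed artifact
        token = base64.b64encode(":".join(creds).encode()).decode()
        return {"Authorization": f"Basic {token}"}        # step 6

def web_server_validate(headers, accounts):
    """Step 7: decode the injected header and check it."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic":
        return False
    user, _, password = base64.b64decode(token).decode().partition(":")
    return accounts.get(user) == password

if __name__ == "__main__":
    store = {"alice": "s3cret"}                           # constructed sample account
    gateway = AccessGateway(idp := IdentityServer(store))
    headers = gateway.handle_redirect("artifact=" + idp.authenticate("alice", "s3cret"))
    print(headers, web_server_validate(headers, store))
```

The artifact that crosses the browser carries no credentials, but the injected `Authorization: Basic` value is only base64-encoded, so over plain HTTP the hop from Access Gateway to the web server exposes the username and password to anyone who can read that traffic.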

You configure the Access Manager Appliance so that a user can access a resource on a web server whose name and address are hidden from the user. This basic configuration sets up communication between the following four servers:

Figure 3-2 Basic Configuration

Although other configurations are possible, this section explains the configuration tasks for this basic Access Manager Appliance configuration. This section explains how to set up communication using HTTP. For HTTPS over SSL, see Section 17.0, Enabling SSL Communication.