1.3.3 Access Gateways

An Access Gateway provides secure access to existing HTTP-based web servers. It provides security services (authorization, single sign-on, and data encryption) integrated with the identity and policy services of Access Manager.

Access Gateway is designed to work with Identity Server to enable single sign-on to protected web services. The following features facilitate single sign-on to web servers that are configured to enforce authentication or authorization policies:

  • Identity Injection: Injects the information that the web server requires into HTTP headers.

  • Form Fill: Automatically fills in the requested form information.
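The sketch below is an added example of identity injection at a generic reverse proxy; it is not Access Manager code or configuration. The header names (X-Auth-User and so on), the session layout, and the function names are assumptions chosen for illustration. It shows the check a header-trusting web server depends on: any client-supplied copy of an identity header is dropped before the gateway injects its own value.

```python
# Added illustration: generic identity injection at a reverse proxy.
# Header names and the session layout are assumptions, not Access Manager settings.

# Hypothetical policy: backend header name -> attribute of the authenticated session
INJECTION_POLICY = {
    "X-Auth-User": "uid",
    "X-Auth-Mail": "mail",
    "X-Auth-Roles": "roles",
}


def _clean(value):
    """Render an attribute as a header value; reject CR/LF so it cannot add headers."""
    text = ",".join(value) if isinstance(value, (list, tuple)) else str(value)
    if "\r" in text or "\n" in text:
        raise ValueError("control characters in identity attribute")
    return text


def inject_identity(client_headers, session, policy=INJECTION_POLICY):
    """Return the headers to forward to the protected web server.

    client_headers: headers received from the browser (untrusted).
    session: attributes of the authenticated user, or None if unauthenticated.
    """
    reserved = {name.lower() for name in policy}
    # 1. Drop any client-supplied copy of a reserved header (case-insensitive),
    #    so the web server only ever sees values set by the gateway.
    forwarded = {k: v for k, v in client_headers.items() if k.lower() not in reserved}
    if session is None:
        return forwarded
    # 2. Inject values taken from the authenticated session.
    for header, attr in policy.items():
        if attr in session:
            forwarded[header] = _clean(session[attr])
    return forwarded


# Constructed sample request: it arrives with its own copy of an identity header.
SAMPLE_REQUEST = {"Host": "app.example.com", "x-auth-user": "admin", "Accept": "text/html"}
SAMPLE_SESSION = {"uid": "jdoe", "mail": "jdoe@example.com", "roles": ["staff", "hr"]}

if __name__ == "__main__":
    for name, value in inject_identity(SAMPLE_REQUEST, SAMPLE_SESSION).items():
        print(f"{name}: {value}")
```

Injected headers are only trustworthy if the web server accepts requests solely from the gateway; a server that is also reachable directly sees whatever headers the client sends.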

If your web servers have not been configured to enforce authentication and authorization, you can configure Access Gateway to provide these services. Authentication contracts and authorization policies can be assigned so that they protect the entire web server or a single page.

Access Gateway can also be configured to cache requested pages. When a user meets the authentication and authorization requirements, Access Gateway sends the user the page from the cache rather than requesting it from the web server, which improves content delivery performance.

Access Gateway is available in two deployment models. Both models are based on the same core technology and differ only in their deployment approach.

  • Access Gateway Appliance: It is installed as a soft appliance, which includes the operating system.

  • Access Gateway Service: It requires you to provide the operating system.

The features of Access Gateway Appliance and Access Gateway Service are the same, but they differ from those of the Linux Access Gateway.

For more information about the differences, see Feature Comparison of Different Types of Access Gateways in the NetIQ Access Manager 4.4 Installation and Upgrade Guide.

For information about how to upgrade your chosen Access Gateway technology, see Upgrading Access Manager in the NetIQ Access Manager 4.4 Installation and Upgrade Guide.

Embedded Service Provider

Access Gateway uses an Embedded Service Provider (ESP) to redirect authentication requests to Identity Server. Identity Server allows only trusted devices to participate. To trust each other, devices must exchange metadata. The Embedded Service Provider performs this task automatically for Access Gateway. The logout requests to Identity Server must be digitally signed.

Figure 1-3 Access Gateway Component