10.4 Identity Injection Policies

Identity injection allows you to add information to the URL or to the HTML page before it is posted to a web server. The web server uses this information to determine whether the user can access to the resource, so it is the web server that determines the information that you need to inject to allow access to the resource.

Identity injection is one of the features of Access Manager that enable you to provide single sign-on for your users. When the policy is configured, the user is unaware that additional information is required to access a web server.

IMPORTANT:Identity Injection policies allow you to inject the user’s password into the HTTP header. If you set up such a policy, you must also configure Access Gateway to use SSL between itself and the back-end web server. This is the only way to ensure that the password is encrypted on the wire.

This section describes the elements available for an Identity Injection policy, but your web servers determine which elements you use.