The Easiest Way to Extend Web Access Management to the Cloud
SSO/Rest provides your enterprise with a minimally-invasive way to push your applications into the Cloud while seamlessly protecting them with the full power and capabilities of your Web Access Management (WAM) platform – as if they were still in their own data center.
SSO/Rest is a CA Technologies TTP Validated Solution.
How It Works
SSO/Rest was built to solve the central problem plaguing enterprises that wish to extend their WAM solutions to the Cloud: that all pre-Cloud SSO products depend on agents or proxies that work poorly in the Cloud – both because of their “heaviness” and their reliance on vendor proprietary communication protocols.
Instead, lightweight, HTTP-speaking plugins replace bulky, resource-intensive web agents.
- Small footprint and self-contained.
- No chatty, proprietary protocols minimize latency and no new firewall holes.
- No cryptographic operations means low processor-burden and less patching.
- Can be drop-replace deployed on applications both inside and outside the enterprise perimeter.
A hardened Gateway sits protected in the DMZ.
- Communicates with the plugins via REST-compliant web services
- Securely mediates communication between the plugins and Policy Decision Points (e.g. CA SSO Policy Servers)
- Handles the resource-intensive crypto.
Together, the plugins and the Gateway create a virtual perimeter, safely providing full WAM (enterprise SSO, authentication, session management, and access management) to applications in the public cloud.
Crucially, by extending true WAM (as opposed to the more limited functionality provided by federation), SSO/Rest fills four major security gaps that typically plague WAM in the Cloud:
One Product, Five solutions
Protect Cloud Applications with Full Access Management
SSO/Rest cloud-enables your applications and protects them with your current Access Management platform just as if they were in your data center. Whether you run your own images on Amazon EC2 or Rack-space, or hot-deploy your applications directly to Microsoft Azure or Google App Engine, SSO/Rest allows you to protect and manage them as if they were local.
Easily Integrate Rich Browser and Mobile Applications into Your Access Management Environment
SSO/Rest allows your enterprise to harness the power of your WAM infrastructure directly from all your client platforms with minimal modifications to your existing applications using an intuitive and simple REST API
Tighter Integration, Better Services for Your Internal Applications
SSO/Rest provides a rich integration interface for server-side integrations, enabling them to further leverage the power of your WAM infrastructure. Because the interface is REST-based, no vendor-specific SDK is ever needed inside your applications.
SSO/Rest consolidates your WAM agents to within the SSO/ Rest Gateway. Migrating from thousands of heavy, vendor-proprietary agents to SSO/Rest’s lightweight plug-ins will significantly lower the cost and burden of maintaining your SSO infrastructure.
Deploy Web Access Management as a Service
Service providers can now provide the full power of traditional WAM solutions as a Software-as-a-Service offering.
- Enforces session management rules and timeouts across all applications, whether on-site or cloud-based.
- End-to-end identity propagation and session (re)validation.
- Plug-ins support most major web servers in today’s market, including Apache HTTP Server, Microsoft IIS, and now NGINX as well; and J2EE containers such as IBM WebSphere, Red Hat WildFly (JBoss), Apache Tomcat, and Oracle WebLogic.
- SSO/Rest employs a flexible infrastructure, using standards-based components and technologies. It can be deployed in any J2EE servlet container (Tomcat, JBoss, WebLogic, WebSphere), Java 6.0, and any JAX-RS framework.
- Built-in web application and service for plugin registration allows application teams to self-register plugins via web app or script, without involving the IAM team.
- Rich client integration supports AJAX, Adobe Flex, Microsoft Silverlight, Mobile applications, and other rich content platforms.
- Gateway component is available as a J2EE application file, a preconfigured Tomcat zip distribution, a VM appliance, or a Docker image.
- Pluggable logging framework allows configuration of logging and tracing both from within your WAM software and the externalized logging framework of your choice.
- Leverages a pluggable distributed caching technology to provide powerful tuning and global cache management.
- Endpoints support a flexible combination of plain text, JSON, and XML payloads.
- Full multi-byte support for international characters in user identifiers and attributes.
- Comprehensive OAuth and OIDC support, including wrapping vendor SSO tokens inside OAuth/OIDC tokens for tightest integration and security.
- Includes pluggable gateway logic for flexible integration with SSO solutions – currently CA SSO and Oracle Access Manager – with a standalone policy decision point based on an XACML rules engine coming in Q3.
- Fully supports most Cloud-based platforms, including Amazon AWS, Microsoft Azure and Google Cloud.
- Powerful REST API performs multiple IAM operations, including enable/disable user and user password change.
- New plugin capabilities for Gateway component allow extensible agent logic (something that most WAM out-of-the-box agents cannot provide). Now you can use your Access Management solution as a complete Web Application Firewall and dynamically react to attack heuristics.