Jump to content Japan - English

Software(Japanese)  >  Security(Japanese)

IceWall SSO

What is IceWall SSO? > Basic Features
»

IceWall SSO

What Is IceWall SSO?
» What is Single Sign-On?
» What is IceWall SSO?
» Benefits
» Basic Features
Product Specifics
» Basic Architecture Diagram
» Operating Environment
» Reference Price
» Options
» FAQ
» Case Studies
» White papers
» Online Demo
» Support
» Implementation Services
» Contact Us
Related Products
» IceWall Federation
» IceWall Remote Configuration Manager

IceWall’s Office 365cloud Federation
(Last Update : 2012.4.26)

»What is Single Sign-On?

»What is IceWall SSO?

»Benefits

Basic Features

  Basic Features
»  IceWall SSO's Unique Features

Basic Features

Authentication Verifies the user ID and password entered by a user who attempts to login, in order to confirm that the user is a registered legitimate user.
Authorization Controls access on a URL by URL basis by verifying whether a user who requests access to a service is authorized to access the service.
Single Sign-On
(SSO)
Provides the users with the ability to authenticate only once and then have access to all of the applications, documents, database, and other services they are authorized to use without any additional authentication.
Session Management IceWall SSO uses session IDs to manage single sign-on sessions. It performs authentication (logon state) verification and user access control (per URL) by referencing the session IDs. Session management provides support for browsers with cookies disabled as well.
Reverse Proxy When a client requests access to one of the Web servers that reside on the backend, the IceWall server accepts the request before they reach the backend. Then the IceWall server analyzes the URL specified in the request and relays the request information to the appropriate backend Web server.
Since all client access requests are handled through the IceWall server, you can create a highly secure environment by ensuring the security of the IceWall server.
URL Conversion (URL Masking) Substitutes a specified replacement name for the host or domain name part of every URL that is contained in the information received from a back-end Web server. This functionality ensures that any backend Web server information is invisible to (masked from) the clients.
Keyword Conversion (Keyword Masking) This functionality complements URL Conversion by substituting specified replacement strings for certain keywords that may be contained in the information received from a backend Web server.
Information Inheritance Populates HTTP headers with environment variables including user login credentials as well as appropriate information from the authentication database so that the backend Web servers can inherit those environment variables. You can specify which environment variables should be passed to which back-end Web server.
Password Update Allows end users to change their own passwords registered with the authentication database. IceWall SSO supports very strong password policies and also provides the ability to output password expiration warnings.
Automatic Form Authentication Most conventional solutions do not fully support Web servers that use form authentication and require you to customize or modify such backend Web servers before you can establish connection with them. In contrast, with its extensive support for 48 patterns based on 11 different form authentication methods, IceWall SSO allows you to connect to any backend Web servers that use form authentication by just configuring a few settings on the IceWall server without having to modify the servers themselves.
User exit routines IceWall SSO comes with user exit routines (extended APIs) that allow you to support a variety of standard authentication methods and modify HTTP message formats among other things.
Anti Cross Site Scripting Applications running on backend Web servers are often vulnerable to malicious scripts that attempt to steal cookies or other user specific information. Web application level attacks that use such malicious scripts are referred to as "Cross Site Scripting."
As preventive measures against Cross-Site Scripting, IceWall SSO provides four filters: GET Send Data, POST Send Data, HTML, and Host filters.
IceWall SSO also allows you to capture logs of access attempts that would be blocked with the filters enabled, rather than actually applying the filter settings. This is helpful in creating more effective Anti Cross Site Scripting filter settings.
Anti Buffer Overflow A "Buffer Overflow" attack occurs when attackers purposely overload the buffer on a Web server to wreak havoc on the victim machine by sending requests that contain extraordinarily long URLs to the server.
When IceWall SSO encounters a URL or QUERY_STRING value longer than a certain limit, it prevents possible Buffer Overflow attacks by truncating the value.
Verbose Logging IceWall SSO allows you to capture the following logs: error logs; trail logs useful in monitoring any unauthorized login attempts; performance logs useful in monitoring how long it takes for the back-end Web servers and the authentication database to respond; traffic logs useful in monitoring the number of access and login attempts; and status logs useful in monitoring the number of logged-in users.
Performance Monitoring Tools Performance Monitor Tools can be used to generate performance reports.
Using Performance Monitor Tools, you can easily analyze the performance of IceWall SSO.
These tools are useful, for example, in performance testing prior to the production deployment of IceWall SSO or in analyzing performance issues that may occur on the production system.

Optional Features

Client Certificate Based Authentication This option enables for client certificate based authentication. You can use client certificate based authentication in conjunction with password based authentication as well. Available with an additional charge
SSL Encrypted Communication This option enables additional support for the SSL protocol (https) to protect the communication between the IceWall server and back-end Web servers in addition to the standard HTTP protocol. For example, you can implement secure single sign-on into back-end Web servers that reside on the Internet as well. Available with an additional charge
Failover This option enables support for back-end Web servers and authentication servers redundancy. When the authentication and back-end Web servers are redundant, you can achieve higher service continuity by minimizing the downtime between the failure of one of the servers and the recovery of services. Available with an additional charge
» Back to the top of this page
Printable version
Privacy statement Using this site means you accept its terms  
Please note: all of the links on this page navigate you to pages in Japanese.