Preparing for authentication and authorization in IAG

Updated: February 10, 2010

Applies To: Intelligent Application Gateway (IAG)

Whale Communications Intelligent Application Gateway (IAG) 2007 allows you to control client endpoint access to published resources using authentication and authorization as follows:

  • Session authentication. You can require client endpoints to authenticate in order to connect to a portal or an individually published Web application.

  • Portal application authorization. You can configure authorization settings that control how users and groups access specific applications published in a portal.

Session authentication

IAG enables you to authenticate users for access to a portal or application session and to open a connection only for users who authenticate successfully. For more information about session authentication, see Planning for IAG authentication and authorization. To define session authentication you do the following:

Portal application authorization

You can configure specific authorization settings for any application published in a portal, or for the portal application itself. For more information about application authorization, see Planning for IAG authentication and authorization. To define authorization you do the following:

  • Define an authorization user/group server against which users requesting application access can be evaluated. You can use the servers you have defined for user authentication, or specify a different server to be used for authorization. For more information, see Configuring authentication and authorization servers in IAG.

  • Define users and groups to be assigned authorization settings. You can define IAG local groups that you can reuse when assigning authorization permissions. Local groups are user-defined entities that can include users and groups from multiple authorization servers. For more information, see Configuring users and groups for application authorization in IAG.

  • Set authorization settings for specific applications published in a portal. For more information, see the section "Configuring application server access and authorization", in Configuring the properties of applications published by IAG.

Forms-based authentication

IAG SP2 allows end users to authenticate to the IAG portal and to application servers published through the portal by using form-based authentication with the following credentials: user principal name (UPN) and a password. Because the UPN of an end user is unique in a domain forest, the end user can authenticate to any application server within the forest without providing the domain as a credential.

When an end user authenticates to the IAG portal by using a client certificate (for example, a smart card) and then attempts to open an application that requires authentication, the UPN of that end user will be automatically displayed in the User name box, eliminating the need to manually type in the user name.