Extend Cloud SSO with PMG Bridge

Overview

One of the earliest (and still quite common) mechanisms for achieving SSO between on-premise, browser-based applications is the use of HTTP request headers. The user information is typically injected into the request that the application receives, and the application trusts it to be accurate. Third-party solutions such as IBM Security Access Manager, Oracle Access Manager, and CA SiteMinder have typically facilitated this activity. The third-party SSO solution is responsible for authenticating and authorizing the user. After authentication and authorization, the user information is communicated to the application on the user's behalf through a specialized agent or a reverse proxy mechanism.

The Problem

More and more organizations are leveraging cloud-based IDaaS platforms to achieve SSO to both SaaS platforms and on-premise enterprise applications. This creates an integration opportunity that many IDaaS solutions do not currently address. As companies phase out existing on-premise SSO solutions, or decide not to adopt them at all in favor of a cloud-based IDaaS platform, the on-premise applications that can be integrated with SSO through request headers are not being served. The PMG SSO Bridge has been developed to address this gap in functionality.

How it Works

In the case of Centrify, the PMG SSO Bridge functions as a SAML-based SSO endpoint to the Centrify IDaaS platform and is deployed on-premise behind the Centrify Cloud Connector. Once the user has been authenticated to the Centrify User Portal, they select the application that they wish to access (as they normally would). The user is then directed to the PMG SSO Bridge, where that secure request is translated and reverse proxied to the on-premise application along with any request headers that are required to achieve SSO.
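The header hand-off described above, sketched as an added example; it is not PMG's or Centrify's code. It assumes the SAML assertion has already been validated, and the header names and attribute keys are hypothetical. Because the application trusts these headers, the sketch discards any copy the browser sent before injecting values from the assertion.

```python
# Added example: X-Remote-User, X-Remote-Groups and the attribute keys are assumed names.
HEADER_MAP = {"uid": "X-Remote-User", "groups": "X-Remote-Groups"}
REQUIRED = {"uid"}


def _norm(name):
    # CGI/WSGI-style environments map "X-Remote-User" and "X_Remote_User"
    # to the same variable, so both spellings are treated as one header.
    return name.lower().replace("_", "-")


def build_upstream_headers(inbound, verified_attrs, header_map=HEADER_MAP):
    """Return the headers to forward to the on-premise application.

    inbound        -- headers received from the browser (untrusted)
    verified_attrs -- attributes from an already validated SAML assertion
    """
    missing = REQUIRED - set(verified_attrs)
    if missing:
        raise ValueError(f"assertion lacks required attributes: {sorted(missing)}")

    reserved = {_norm(h) for h in header_map.values()}
    # 1. Drop every client-supplied copy of an identity header.
    upstream = {k: v for k, v in inbound.items() if _norm(k) not in reserved}

    # 2. Inject identity only from the verified assertion.
    for attr, header in header_map.items():
        if attr not in verified_attrs:
            continue
        value = verified_attrs[attr]
        if isinstance(value, (list, tuple)):
            value = ",".join(value)
        if any(c in value for c in "\r\n\0"):
            raise ValueError(f"control character in attribute {attr!r}")
        upstream[header] = value
    return upstream


# Constructed sample request: the browser supplies its own identity headers.
SAMPLE_INBOUND = {
    "Host": "app.internal.example",
    "Cookie": "theme=dark",
    "x-remote-user": "admin",
    "X_Remote_Groups": "administrators",
}
SAMPLE_ATTRS = {"uid": "jdoe", "groups": ["staff", "finance"]}

if __name__ == "__main__":
    for name, value in build_upstream_headers(SAMPLE_INBOUND, SAMPLE_ATTRS).items():
        print(f"{name}: {value}")
```

The same guarantee depends on the application accepting connections only from the bridge, since any other path to it could present these headers directly.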

 

The Technology

The PMG SSO Bridge is a Java-based application built using Docker technology for containerization. All communication to and from the SSO Bridge is secure and encrypted. It can be deployed in minutes for most environments. It was built from the ground up to be integrated with the Centrify User Portal, with simple configuration that can be completed by existing administrators. It can be leveraged with any cloud-based SSO technology where on-premise applications present a gap.

Solution Features and Benefits

  • Extends Cloud-based SSO to on-premise apps to include HTTP Request Headers, WebLogic Tokens, and WebSphere Tokens
  • Deployed as an MSSP solution with no maintenance required
  • Built from the ground up for use with any Cloud SSO solution
  • Secure implementation extends the end-to-end security required
  • Container-based architecture with auto-scaling for high performance