Sun Microsystems Portal Server 6 User Manual

Portal Server and Access Manager on Different Nodes

Chapter 5

Creating Your Portal Design

105

Portal Server and Access Manager on Different
Nodes

Portal Server and Access Manager can be located on different nodes. This type of
deployment provides the following advantages:

•

Identity services can be deployed separately from portal services. Portal Server
can be one of many applications using identity services.

•

Authentication and policy services can be separate from provider applications
including Portal Server related applications.

•

Access Manager can be used by other web containers to assist with
development of portal customizations.

The Access Manager SDK consists of the following components:

Identity Management SDK–

provides the framework to create and manage users,

roles, groups, containers, organizations, organizational units, and
sub-organizations.

Authentication API and SPI–

provides remote access to the full capabilities of the

Authentication Service.

Utility API–

manages system resources.

Loggin API and SPI–

records, among other things, access approvals, access denials

and user activity.

Client Detection API–

detects the type of client browser that is attempting to access

its resources and respond with the appropriately formatted pages.

SSO API–

provides interfaces for validating and managing session tokens, and for

maintaining the user’s authentication credentials.

Policy API–

evaluates and manages Access Manager policies and provides

additional functionality for the Policy Service.

SAML API–

exchanges acts of authentication, authorization decisions and attribute

information.

NOTE

When Portal Server and Access Manager are on different nodes, the
Access Manager SDK must reside on the same node as Portal Server.
The web application and supporting authentication daemons can
reside on a separate node from the Portal Server instance.