Authentication client, Access device, Portal server – H3C Technologies H3C SecPath F1000-E User Manual

113

Figure 109 Portal system components

Authentication client

An authentication client is an entity seeking access to network resources. It is typically an end-user

terminal, such as a PC. The client can use a browser or a portal client software for portal authentication.

The security check for a client is implemented through the communications between the client and the
security policy server.

Access device

An access device controls user access. It can be a switch or router that provides the following three

functions:

•

Redirecting all HTTP requests from unauthenticated users to the portal server.

•

Interacting with the portal server, the security policy server, and the authentication/accounting
server for identity authentication, security check, and accounting.

•

Allowing users who have passed identity authentication and security check to access granted
Internet resources.

Portal server

A portal server listens to authentication requests from authentication clients and exchanges client

authentication information with the access device. It provides free portal services and pushes Web

authentication pages to users.

Authentication/accounting server

An authentication/accounting server implements user authentication and accounting through interaction
with the access device.

Security policy server

A security policy server interacts with authentication clients and access devices for security check and

resource authorization.
The components of a portal system interact in the following procedure:

1.

When an unauthenticated user enters a website address in the browser's address bar to access the
Internet, an HTTP request is created and sent to the access device, which redirects the HTTP request

to the portal server's Web authentication homepage. For extended portal functions, authentication

clients must run the portal client software.