Forum Discussion
Andrew_Latham_3
Nimbostratus
Aug 28, 2006
SSO with Web Access Management System
IHAC with a 4100. They want to provide SSO between the 4100 and a downstream Web Access Management (WAM) product. This WAM is not listed as a supported SSO compatible product (e.g. it's not Netegrity). Is there a way that I can have the user authenticate to the 4100 and then access WAM protected web pages behind the Firepass without re-authentication?
What would be great is (in order of preference):
1. The 4100 could have an authentication mechanism that prompted a user to authenticate and then posted the username and password/passcode to a specific URL (this would be the WAM login page). This would return an HTTP status of 200 for success or 403 for failure. The Firepass could use this as an authentication type and allow access to the WebTop. On success any returned session cookies could be cached on the 4100 or forwarded to the browser. The user is now authenticated to Firepass and the WAM system with support for multiple authentication types.
2. If the 4100 could create SAML Assertions, then after authentication to Firepass, when the user clicks on a link in the WebTop, the user could be logged into the WAM protected system via a Federation Model using BAP or BPP.
3. Have the user hit a WAM protected web server and authenticate. Either through an API, iControl or something(??) a call is made to the 4100 to create a session for the user or manufacture a Header that the 4100 trusts. The user would then be redirected to Firepass and a session cookie or Header created is trusted and the user is allowed access.
4. After authentication to the 4100, when accessing the WAM protected web application, the 4100 is configured to forward on the credentials supplied to it to the WAM login page. This would need to support Forms based authentication as well as HTTP basic auth.
Looking at the External Authentication stuff, it suggests that all you are doing is providing a login page external to the 4100 which posts to the 4100 for authentication. This would not achieve what I'm looking for.
Any ideas?
Thanks