The PREAUTH_ADMIN model
This model provides flexibility for customers with unique configurations and no compatible security migration paths.
The term pre-authentication applies because an external server authenticates requests and then forwards them to the TrueSight Middleware Administrator. This external server is trusted to perform authentication checks. Authorization remains an internal process. The Product Administrator retains full use of and responsibility for administration of users and groups.
The PREAUTH_ADMIN functional structure is displayed in the diagram below:
Functional details: PREAUTH_ADMIN
A proxy server authenticates each incoming request and forwards it to the TrueSight Middleware Administrator service. A packet identifies the request to the application. The application then acts on it.
The authorization mechanism is as follows:
- The user makes a request or attempts an action.
- The proxy server receives the request.
- The proxy creates and sends the request to the application.
- The application receives the request and either approves or denies it.
- If approved, the user action takes place.
- If denied, an error message is generated. For instance, a user who has only Inquire permissions for a particular project and who attempts to modify an object within TrueSight Middleware Administrator will receive a standard '403' error message.
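The flow above, as an added sketch that is not BMC's code: the application accepts the proxy's identity assertion only when the request comes from the proxy's address, then runs its own authorization check. The header name, proxy address, users, grants and the 401 response for an untrusted source are constructed assumptions.

```python
import ipaddress

# Constructed values: the proxy address, header name, users and grants below
# are illustrative assumptions, not TrueSight Middleware Administrator settings.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
IDENTITY_HEADER = "x-preauth-user"  # hypothetical header set by the proxy
GRANTS = {
    ("alice", "payments"): {"inquire"},
    ("bob", "payments"): {"inquire", "modify"},
}


def preauth_identity(peer_ip, headers):
    """Return the proxy-asserted user, or None if the assertion is not trusted."""
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        return None  # an identity header from any other peer is ignored
    normalized = {k.lower(): v.strip() for k, v in headers.items()}
    return normalized.get(IDENTITY_HEADER) or None


def handle_request(peer_ip, headers, project, action):
    """Return the HTTP status the application would send for this request."""
    user = preauth_identity(peer_ip, headers)
    if user is None:
        return 401  # assumption: no trusted authentication result, so reject
    # Authorization stays internal: look up what this user holds on the project.
    if action not in GRANTS.get((user, project), set()):
        return 403  # e.g. an Inquire-only user attempting to modify an object
    return 200


if __name__ == "__main__":
    alice = {"X-Preauth-User": "alice"}
    print(handle_request("10.0.0.5", alice, "payments", "inquire"))
    print(handle_request("10.0.0.5", alice, "payments", "modify"))
    # Same header sent directly to the application, bypassing the proxy.
    print(handle_request("192.0.2.10", {"X-Preauth-User": "bob"}, "payments", "modify"))
```

The last call shows why the application must be reachable only through the proxy, or must verify the sender: otherwise anyone who can reach it directly can assert any user name.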