Enhanced Authentication Technical Components

The Enhanced Authentication (EA) system is a component of the Version3 Simple Sign-On (SSO) product. In certain circumstances it can operate independently of SSO, providing IIS with a “forms-based” authentication system for applications that require authenticated Active Directory users (e.g. SharePoint, Exchange). In many cases the built-in IIS authentication technologies are not suitable for a particular application farm configuration. EA enhances the built-in IIS technology with a web-farm-compatible “cookie” authentication system.

There are five components that make up the EA product:

Ticket Manager Service
The Ticket Manager (TM) is a Windows Service that must run on all servers in the web farm that participate in the authentication system (NOTE: non-Microsoft platforms such as Linux may access the system via a SOAP connection to a Microsoft server). The Ticket Manager is responsible for collecting user identity information and for creating, dispensing and repudiating authentication tickets. For most environments, the ticket is managed as a browser cookie; however, it can be accessed in several different ways.

Database Manager Service
The Database Manager is a Windows Service that, unlike the Ticket Manager, is generally only installed on one or two servers. The Database Manager is responsible for all communications between the Ticket Manager and the SQL backend database. Additionally, the Database Manager is responsible for holding the configuration information for each of the Ticket Managers.

ISAPI Filter
The ISAPI filter is a dynamic link library that is installed within IIS. The ISAPI filter is responsible for brokering communication between the browser, the Ticket Manager and IIS. Essentially, it can convert a valid ticket into an IIS authenticated user. The EA ISAPI filter is compatible with 32-bit and 64-bit IIS servers.

Logon System
The Logon System is an ASP.NET 2.0 application and Web Service that runs on IIS. This system provides for the secure collection of user identity information (user name and password) from individual users for the purpose of creating a ticket. Forms in the _auth virtual directory provide the ability to encrypt postback data using a unique technology. Moreover, the key exchange and client/server communication are much more robust than normal post forms or basic authentication systems.

Identity Firewall
The Identity Firewall service is an optional Windows Service. If enabled, it is installed on all servers that host the Logon System. The Identity Firewall service is responsible for translating, mapping or enhancing the Logon System. For example, the Identity Firewall Service can poll multiple Active Directory domains, authenticate against eDirectory (or other non-MS systems), integrate with Microsoft’s ADFS or provide secure identity firewall services.