I have a project at my customer to implement SSL VPN for their business application.
Their existing application uses Oracle for the user database, and Velis Server (Vasco) for the one-time password response.
For now, when a user wants to log in to their application, the user only enters the username and the one-time password.
Communication between Oracle and the Velis server uses an API with a "jar" file as middleware.
So, how can Juniper SA be used with their application? As far as I know, SA must point to an auth server to get the user database, and also add the Velis Server to get the one-time password response for the user.
But SA will do 2 processes: first SA authenticates, second it gets the one-time password response for the user.
Can we configure SA like their current application? SA only does 1 process, authentication + one-time password response?
By the way, how can SA get the user database from Oracle? Must it also have middleware like SBR?
Can SA use an API also?
So if I see this right, the user objects for the app are held in an Oracle DB, and the authentication is done with Vasco's token solution?
I would authenticate the Vasco stuff via RADIUS (as proxy for the Vasco server, if this does not support RADIUS directly). After a successful authentication on the SA, either do an SSO form POST to post the username to the app or feed it inside the header.
But you should make sure then that the app server only reacts to that username for requests coming from the SA's internal IP (in case you really use both NICs).
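The source-IP restriction recommended in the reply above, sketched as an added example that is not part of the original thread: a WSGI middleware that keeps the SSO username header only when the TCP peer is the SA's internal port. The header name `X-SA-User`, the address `10.0.0.5`, and all function and class names are assumptions made for this example.

```python
import ipaddress

# Assumptions (not from the thread): the header name and the SA internal-port
# address below are placeholders chosen for this example.
SA_INTERNAL_IPS = {ipaddress.ip_address("10.0.0.5")}  # constructed value
USER_HEADER_KEY = "HTTP_X_SA_USER"                     # WSGI form of "X-SA-User"


def peer_is_sa(environ):
    """True only if the TCP peer (not any forwarded-for header) is the SA."""
    try:
        return ipaddress.ip_address(environ.get("REMOTE_ADDR", "")) in SA_INTERNAL_IPS
    except ValueError:
        return False  # missing or malformed address: fail closed


class TrustUserHeaderFromSA:
    """WSGI middleware: keep the username header only on requests from the SA."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if not peer_is_sa(environ):
            # Drop a client-supplied identity header instead of passing it on.
            environ.pop(USER_HEADER_KEY, None)
        user = environ.get(USER_HEADER_KEY, "").strip()
        if not user:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"authentication required\n"]
        environ["app.authenticated_user"] = user
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the business application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + environ["app.authenticated_user"]).encode()]


def simulate(remote_addr, headers):
    """Run one constructed request through the middleware; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "REMOTE_ADDR": remote_addr}
    environ.update(headers)
    seen = {}
    def start_response(status, response_headers):
        seen["status"] = status
    body = b"".join(TrustUserHeaderFromSA(demo_app)(environ, start_response))
    return seen["status"], body
```

The check reads the socket peer address only, so a request arriving from any other host is rejected even if it carries the username header or a forwarded-for header naming the SA.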
Thanks for your reply. In this case we will be using SBR as the auth server for SA, but can SBR in a single process check the username and then get the OTP for that username?
The flow may be like this:
| SA | ----> | SBR |
| Oracle | | Velis |
Any suggestions for this?