Can 2 Access Manager instances co-exist in a Portal 7 implementation?
We are developing a Sun Portal 7 for a government client, where all authentication for every application goes through an Enterprise Access Manager. It only does authentication, no authorization, so we cannot use this Access Manager for our Portal implementation. We need our own instance of Access Manager. Our draft architecture as of now looks like this:
A Sun Web Server, with a Reverse Proxy Plugin to forward requests to the Sun Application Server, which is the Web Container for the Portal and Access Manager.
The Web Server would be protected by a Policy Agent that would communicate with the Enterprise Access Manager.
A user would hit the Web Server to log into the Portal, but would first have to authenticate to the Enterprise Access Manager, which would determine if they have access to the portal. If so, the Reverse Proxy Plugin would forward them to the Portal on the App Server. This is the point where it gets fuzzy, as far as logging them into the local Access Manager. We are assuming that users would be syncned from the Enterprise LDAP to our local LDAP. I'm assuming that we would need to write some custom code to accomplish the login to the Portal's Access Manager. How would we keep both Access Manager sessions intact? I'm assuming that we would have to change the name of the SSO Token cookie name in our local instance of Access Manager from iPlanetDirectoryPro to something else. Any ideas or suggestions would be greatly appreciated.
