Working with the Security Gateway

It is not possible to use the WSS method of authentication for a protected service using standard applications, because the WSS protocol is currently supported by a small number of applications only. This means that to enable such secured services to be used in standard applications such as ESRI ArcMap, it is necessary to employ a proxy component that transfers the standard service queries into the WSS protocol in accordance with the protocol of the secured service.

This component is known as a Web Security Client. In security.manager it is called "Security Gateway". It incorporates a user interface for entering WSS URLs, username and password. The Web Security Client performs the login process against the WAS. After a successful login, the Web Security Client creates a specific URL for this login information, known as a gateway. The secured service of the default client can be used via the user-specific URL of the gateway like any other service URL. The Web Security Client performs the security-specific communication with the WAS and WSS in a manner which is transparent to the user.

The Security Gateway is a web application, which can be located on any computer in the network and is available for simultaneous use by several users. The lifetime of a gateway is generally very short (only a few minutes, as it is a temporary or so-called transient gateway), although its lifetime is extended by each request it receives.

Furthermore, Security Gateway can also be used for providing preconfigured gateways to secured services, which are gateways with unrestricted lifetimes (permanent or co-called persistent gateways). These can be employed for guest use, which does not require the user to sign in. This component is integrated in security.manager Administrator in the Gates tab (see Administration of gateways).