tgreene
Executive Editor

Juniper adds single sign-on features to SSL remote access devices

Opinion
Jul 08, 2004, 2 mins
Networking, Security

* Juniper enables customers to authenticate once to all their resources

Juniper recently added Security Assertion Markup Language support to its Secure Sockets Layer remote access gear so customers can authenticate once and gain access to all the resources they are authorized to reach.

This so-called single sign-on has been one of the features SSL remote access vendors have been adding to their products and trying to improve on as a way to stand out from the rest of the SSL crowd. SAML support may well offer the version that is simplest for the individual user, but it is also pricey.

Without single sign-on, remote users authenticate themselves to the SSL remote access gateway. Then when they want to access a particular server protected by the gateway, they log on to that as well.

Some vendors have a form of single sign-on that lets users log on once to the remote access gateway and if the logon for the server being sought happens to be the same, the gateway will pass it through and log the user on automatically.

Other vendors have refined this a bit and their gateways remember the logons for servers being sought the first time a user accesses them. On subsequent access attempts, the gateway supplies the logon it remembered from the first time.

SAML support means that when a user logs on to an SSL gateway, the gateway checks with a SAML server in the network that supplies all of the user’s logon information. The gateway taps this SAML data to log on users automatically when they try to access resources on particular servers. 

The purpose of this is to make the end-user experience less cumbersome. Users log on once and can reach the applications and files they want without the trouble of remembering and entering multiple credentials. The various methods address this with varying amounts of success.

Clearly SAML support is least painful to the end user, but it requires the network to have a SAML server. At least for now, that is an expensive item owned mainly by the largest enterprises. It’s good for them, but out of reach for smaller businesses. Still, for enterprises that support the technology, SAML support should be entered on the checklist of features to look for when evaluating SSL remote access gear.