No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Self-Service Integration Guide 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Centralized Account Management

Centralized Account Management

Solution 1: SSO

SSO is a common integration solution used by enterprise application software. An SSO system provides unified login authentication for application systems. Users can log in once and gain access to all application systems that trust each other. SSO improves user experience and reduces security risks and management costs. The SSO system comprises the SSO server and SSO clients. The SSO server and SSO clients jointly authenticate login requests. The SSO server generates and manages certificates. The SSO clients are deployed with application systems to provide certificate authentication interfaces for the application systems to communicate with the SSO server.

Figure 1-3 SSO system architecture

eSight can serve as an SSO server or SSO client. By default, eSight serves as an SSO server to provide development guidance for the SSO client filter and allow SSO clients to quickly integrate application services into eSight. eSight is also pre-integrated with the CAS SSO clients and therefore can be integrated with any SSO system complying with the CAS SSO server specifications, without changing code. The SSO system provides the following features:

  • Unified login page and authentication mode

    The SSO system provides a unified login page and authentication mode for all products involved in a solution. When a user who has not been authenticated attempts to access any service system, the unified login page is displayed. The SSO system then performs the login authentication on the user.

  • Simplified login operations for authenticated users

    A user that passes login authentication can obtain a valid certificate (root certificate) generated in the SSO system. With this certificate, the user can access any service server in the solution within a specified period and does not need to perform login.

Solution 2: AAA-based Centralized Authentication

Some medium- to large-sized enterprise networks have AAA systems deployed for centralized user management, authentication, and authorization. After eSight is installed and deployed, the deployed AAA system is used for centralized account management and login users are not authenticated in the local authentication center of the NMS.

eSight performs remote account authentication using LDAP and RADIUS. Users passing authentication can log in to and use the NMS. eSight supports active/standby redundancy of AAA servers and uses user-defined attributes to exchange with the AAA servers and process data. eSight can obtain account authorization attributes from the AAA servers.

Figure 1-4 Centralized authentication context of an AAA system
Translation
Download
Updated: 2019-10-30

Document ID: EDOC1100044386

Views: 17242

Downloads: 86

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next