TOM KEMP'S CENTRIFY BLOG
DirectControl Web Enhancements
Tuesday, September 18, 2007
Shortly on the heels of our shipment of DirectControl 3.0.7 (which adds over 20 new platforms and other features such as a bunch of new Mac Group Policies), today we released an update to DirectControl's web application support.
As a reminder, besides integrating non-Microsoft operating systems (UNIX, Linux, Mac, etc.) into Active Directory, DirectControl also delivers Active Directory-based web single sign-on for both intranets (leveraging Kerberos and LDAP) and extranets (leveraging Active Directory Federation Services (ADFS) and SAML) for popular web-based applications such as Apache, JBoss, WebLogic, and WebSphere. Centrify supports these web-based applications not only on UNIX platforms but also on the Windows platforms (with the exception of Apache, which we support only on the UNIX/Linux platform).
New major features include the following:
- Support for a plethora of new versions of web-based applications, including support for Apache 2.2, WebLogic 9.1 and 9.2, and WebSphere 6.1. In total, we support over 13 versions of popular web-based applications.
- Additional underlying platform support for new and previously supported versions of web applications - see this list of supported web-application platforms by operating system. If you add up the various combinations of versions of web applications running on different versions of operating systems, we support over 200 web app/platform combinations, which is pretty incredible when you consider that DirectControl also integrates over 100 UNIX platforms into Active Directory!
- Cross-forest support for web applications running on both UNIX and Windows.
- A web server can be configured for Active Directory authentication separately from the machine that it runs on, meaning that access to the machine is controlled locally while the web server access is controlled by Active Directory (UNIX only).
- Apache support enhancements, including the ability to configure Apache to set authenticated user information in HTTP headers. If the Apache server is a reverse proxy, this allows users to be authenticated centrally by the Apache proxy, which passes the authenticated user information to any server behind the proxy. Another feature of note is that DirectControl's Apache support can now work with mod_php and mod_perl.
- ADFS support enhancements, including:
  - Support for email and CommonName identity claims (not just UPN).
  - Support for multi-valued custom claims.
  - Support for multiple ADFS server thumbprints (multiple signing tokens).
- In J2EE servers: configurable option to set authentication user info in HTTP headers in the same format as IBM Tivoli.
With this new set of features and additional platforms and web apps supported, I really believe we are setting the standard for Active Directory integration not only for non-Microsoft systems but also for non-Microsoft applications. As always, these feature enhancements are being driven by our growing list of customers who are utilizing DirectControl's web application support, and we appreciate the feedback. (And we hope you are happy with our responsiveness to your requests!) These platform and feature enhancements are available today from our support download center (a login account is required; if you do not have an account, request an evaluation of DirectControl).