Backbase Portal

Security

Security in Backbase Portal is handled in exactly the same way as with any standard web application: Users are authenticated and authorized using an authentication provider, a session is created for the user in the portal server, and with each additional user request a security token is passed to the portal server via a cookie. Additionally, this mechanism can be expanded to accommodate integrating gadgets with applications and web services that use URL tokens instead of cookies.

Access to external resources usually takes place via a widget. Because external resources will implement their own security regimes there are different possibilities available to authenticate portal users against those resources:

• Single Sign On - By configuring the Portal Security Manager to be a client in a Single Sign On environment it is possible to authenticate portal users against the same authentication server as other back-end services. By doing this portal users only have to login once.
• URL Security Tokens - In this case you would build a simple JavaScript wrapper around an IFRAME in your gadget and would use it to send a security token in the URL to the target back-end service.
• Manual Login - In this case the user will be presented with an additional login screen within a gadget. This is the default case where it is not possible or it is impractical to integrate with a back-end security provider.