How does the authentication server interact with other servers and the user's device?
Hello everyone. The question seems simple, but I can't get my head around it.
There is a user interface server, which is essentially responsible for the interaction of user equipment with the rest of the server side (roughly speaking, like a proxy).
There is an application server and an authentication server. The application server receives requests from the user through the user interface server and then interacts with other resources through the API.
The authentication server (logically enough) is responsible for authorizing and authenticating the user.
Authentication itself works roughly as follows:
1. A login-password pair is sent from the user's device to the authentication server.
2. The authentication server compares the hash of this pair with the hash in its database; if they match, it sends the user a token, which the user must attach to each of their messages.
It seems that everything is simple and clear. However, I have a few questions regarding the logic of interaction between servers, to which I can’t really find an answer:
1. During authentication, is the user's request sent from the user interface server directly to the authentication server, or first to the application server, which then sends it on to the authentication server?
2. How do all subsequent requests from the user travel, and where is the authentication token checked? That is, do all requests go through the authentication server as through another "proxy", or do they go directly to the application server? If directly to the application server, how are tokens verified: on the application server itself, or does it send them to the authentication server?
P.S. I was not sure about the tags; I hope I got them right.
Yes, there are in fact a couple of options here:
1) Either requests are proxied (passed through) the authentication server to internal resources. Then the authentication server is the single point of access to the network.
2) Or the requests go to specific resources, and those resources query the authentication server to check whether the token is valid.
I have seen the second option in few places, since using a single access point and placing the authentication server on it is much simpler and more advantageous (there are no extra requests over the network and the waiting time is shorter).
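The two options from the answer above, modelled in-process as an added example that is not part of the original thread. The class names, the opaque random token, the salted PBKDF2 hash and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, time

class AuthServer:
    """Only component that stores credentials and issues or validates tokens."""
    def __init__(self):
        self._users = {}    # login -> (salt, password hash)
        self._tokens = {}   # opaque token -> (login, expiry timestamp)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, login, password):
        salt = os.urandom(16)
        self._users[login] = (salt, self._hash(password, salt))

    def login(self, login, password, ttl=900):
        # Unknown logins still run the hash so both failures cost the same time.
        salt, stored = self._users.get(login, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (login, time.time() + ttl)
        return token

    def introspect(self, token):
        """Return the login bound to a live token, or None."""
        login, expiry = self._tokens.get(token, (None, 0))
        return login if time.time() < expiry else None

class AppServer:
    def __init__(self, auth=None):
        self.auth = auth    # set only for option 2 (resource checks the token)

    def handle(self, request, user=None):
        if self.auth is not None:
            # Option 2: ignore any caller-supplied identity, ask the auth server.
            user = self.auth.introspect(request.get("token", ""))
        if user is None:
            return 401, "unauthorized"
        return 200, f"data for {user}"

class Gateway:
    """Option 1: single entry point; the app server must be unreachable otherwise."""
    def __init__(self, auth, app):
        self.auth, self.app = auth, app

    def handle(self, request):
        user = self.auth.introspect(request.get("token", ""))
        if user is None:
            return 401, "unauthorized"
        return self.app.handle(request, user=user)
```

In option 1 the application server trusts the identity passed in by the gateway, so that design only holds if the application server accepts connections from the gateway alone.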