{"product_id":3007,"v_id":3007,"product_name":"Computer Associates eTrust Single Sign-On V7.0 with patch QO67747 ","certification_status":"Not Certified","certification_date":"2005-10-24T00:10:00Z","tech_type":"System Access Control","vendor_id":{"name":"CA Technologies","website":"www.ca.com"},"vendor_poc":"William F. Clark","vendor_phone":"703-708-3501","vendor_email":"william.clark@ca.com","assigned_lab":{"cctl_name":"CygnaCom Solutions, Inc"},"product_description":"<p>eTrust Single Sign-on (SSO) is a distributed security software product that manages passwords and other authentication mechanisms for logging into multiple applications and hosts on a network.  eTrust SSO automates the login process and eliminates a user&rsquo;s need to keep track of multiple user IDs and passwords.</p>\r\n<p>eTrust SSO features a central administration interface that provides central control of all SSO-enabled user and application profiles.  The eTrust SSO product consists of the following components: Policy Server, Policy Manager, Authentication Agent(s) and SSO Clients.  <br />\r\nThe Policy Server is a process that runs on a server host. The Policy Server is the heart of eTrust SSO.  It controls eTrust SSO functions and maintains communications between the various eTrust SSO components and the secure applications that the users invoke.  It also updates audit logs.</p>\r\n<p>The Policy Manager is a GUI application that is used to manage the information stored in the Policy Server.  It is installed on an administrator's Windows workstation with TCP/IP communication to the Policy Server.     <br />\r\nAuthentication Agents are processes that run, generally, on an authentication host server and verify user credentials with the authentication host (e.g., Windows AD domain controller or a Mainframe server). 
Once verified, the Auth Agent creates an SSO ticket which is passed back to the SSO Client and the SSO Client uses this ticket in any subsequent communications with the Policy Server &ndash; the ticket verifies the authenticity of the user using the SSO Client.</p>\r\n<p>An SSO Client is a GUI application that runs on every user workstation.  It provides a flexible and intuitive interface to the end user to enter their primary login credentials and once verified, provides automatic access to their SSO enabled applications without need to re-enter their application credentials.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Computer Associates eTrust Single Sign-On was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation.  The evaluation was completed in August 2005.</p>","environmental_strengths":"<p>The TOE provides the following security functionality: identification and authentication, audit, secure management of TOE security functions and data, session establishment, and protection of TOE security functions.  The main security service provided by eTrust SSO is to manage authentication information securely.  
eTrust SSO manages passwords and other authentication information for logging into multiple applications and hosts on a network.</p>\r\n<p>The TOE relies upon its (unevaluated) IT environment to provide Protected Audit Trail Storage, User attribute definition, Management of security function behavior, Management of TSF data, Management of expiration time, Specification of management functions, Security roles, Non-Bypassability of the TSP, Domain separation and Reliable time stamps.</p>","features":[]}