CENTAGATE

Centralized Authentication Gateway

CENTAGATE is a centralized authentication gateway solution jointly developed by SecureMetric that supports different kinds of authentication services on a single platform for corporate Web, client/server, and existing applications. By providing centralized, flexible and scalable authentication services, CENTAGATE enables application providers to adopt strong multi-factor authentication without needing to invest in setting up their own authentication infrastructure and human resources. The current version of CENTAGATE is ready to support static password, SMS OTP, OATH OTP tokens (event-, time- and challenge-response-based) and PKI authentication. The authentication module in CENTAGATE is designed so that other third-party authentication servers can be integrated easily. In addition, CENTAGATE can be used as a Single Sign-On server to allow different business applications to share a centralized authentication credential.

A brief interaction between users, the application server and CENTAGATE is illustrated below:

  • The user attempts to access the application server but does not have a valid logon session.
  • The application server directs the authentication request to CENTAGATE.
  • CENTAGATE requests the user's credentials.
  • The user provides valid credentials: username-password, PKI token, SMS PIN or OTP.
  • CENTAGATE responds with an encrypted SAML message with the persistence-id asserted in it.
  • The persistence-id is injected into the REMOTE_USER environment variable.
  • A session is created by the application server and sent to the browser.
  • The user now has a valid login session to access the application server.
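
The last three steps seen from the application server, as an added example that is not CENTAGATE code: a minimal Python WSGI application that creates its own session from the persistence-id placed in REMOTE_USER and does not accept a client-supplied header in its place. The cookie name, the in-memory session store and the sample persistence-id are assumptions for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE = "app_session"  # hypothetical cookie name
SESSIONS = {}           # session token -> persistence-id (in-memory, demo only)


def identify(environ):
    """Return (persistence_id, new_token); new_token is set only for a new session."""
    morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get(COOKIE)
    if morsel is not None and morsel.value in SESSIONS:
        return SESSIONS[morsel.value], None        # existing application session
    # Trust only the variable set by the server-side SAML module. A request
    # header "Remote-User" arrives as HTTP_REMOTE_USER and is never consulted.
    pid = environ.get("REMOTE_USER")
    if not pid:
        return None, None                          # no logon session yet
    token = secrets.token_urlsafe(32)              # unguessable session id
    SESSIONS[token] = pid
    return pid, token


def app(environ, start_response):
    """WSGI entry point: greet an authenticated user or ask for authentication."""
    pid, token = identify(environ)
    if pid is None:
        # A real deployment would redirect to the gateway at this point.
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"authentication required\n"]
    headers = [("Content-Type", "text/plain")]
    if token:
        headers.append(("Set-Cookie",
                        f"{COOKIE}={token}; HttpOnly; Secure; SameSite=Lax; Path=/"))
    start_response("200 OK", headers)
    return [f"signed in as {pid}\n".encode()]


if __name__ == "__main__":
    # Constructed requests: a spoofed header, then a gateway-authenticated one.
    for env in ({"HTTP_REMOTE_USER": "spoofed"}, {"REMOTE_USER": "constructed-persistence-id"}):
        print(app(env, lambda status, headers: print(status)))
```
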

Architecture

The diagram above illustrates the high-level CENTAGATE architecture. It can be divided into eight main components. The UAP module is the front-facing module that handles authentication requests from third-party client applications. The Self-Service module provides the user interface for user registration and credential management. The Integration API provides a seamless interface for third-party application integration. The Authentication Module is the core module that handles the multi-factor authentication methods. Web Administration provides the interface for administrative functions. The Archiving module handles all transaction time stamping and long-term archiving, as transaction evidence and for auditing. The HSM Module handles the HSM connection and the API interface for signing purposes.