Juniper is adding support for Security Assertion Markup Language to its remote-access gear, technology that lets users sign on once to a Secure Sockets Layer remote-access gateway and reach network resources without further authentication.

Juniper's SA 1000, SA 3000 and SA 5000 gateways sit between the Internet and corporate servers, proxying SSL sessions between remote computers and servers. When end users wanted to reach a particular application, they previously had to first authenticate to the Juniper device, then to the server they wanted to reach.

Juniper's competitors include Aventail, Check Point, Nortel and Whale Communications, but none of them supports XML-based SAML in their devices. Without having to remember passwords and log on to every application they want to access, users will find working over an SSL Internet link less cumbersome, the company says.

With SAML support, users will authenticate to the Juniper box, and the Juniper device checks with a SAML server for that user's logon information, which it then supplies to servers as needed. The SAML standard defines request and response messages that security domains use to exchange authentication, attribute and authorization information in the form of trust-assertion messages about named users and resources.

SAML support will be attractive to larger corporations that have invested in the costly SAML technology, says Robert Whiteley, a senior research associate with Forrester Research. Smaller businesses don't use SAML technology widely yet, he says.

Companies that grant business partners and customers SSL access to their networks will make doing business with them simpler by eliminating the need to remember new passwords, he says.

Remote machines could support SAML, but that would require installing a SAML software agent on each one, which requires time, money and ongoing maintenance.

SAML support comes with Version 4.1 of Juniper's Secure Access software for its SSL appliances. SAML support comes only with the Juniper Advanced SA software package. Upgrading from Basic to Advanced starts at about $10,000.

Whiteley says SSL remote-access vendors have engaged in a feature-function war about what their devices can do, but this goes beyond that to how these devices can integrate with other parts of the network infrastructure.

Click to see: