That's a pretty tall order for one product. You may want to take a look at a combination of some of the following...
products, each of which has one or more of the elements you require.
A flexible Web authentication product is NetSwift iGate from SafeNet Inc. This product is a hardware appliance that sits between your Web server and your firewall. Users then need a token and a PIN to access Web-based applications. The product can control external access to your Web applications, as in an extranet, or it can also function with corporate intranets. The product is only meant for accessing Web applications, not an entire company's network, but this authentication tool would still be compatible with many of your existing applications. NetSwift iGate uses SSL for all connections but isn't an SSL VPN, which is a yet another authentication option you might want to consider.
If you're in need of an SSL-VPN tool, consider using an Aventail Corp. product as their line can be fine-tuned to allow access to only selected portions of your Web applications. You can then customize your access controls as you see fit. Aventail products can also be integrated into Active Directory, and are then compatible with Windows environments. However, because an SSL VPN enables only remote or external access, to meet your internal needs, the network will have to be combined with another product.
As for application-level firewalls, Breach Security Inc.'s BreachGate WebDefend offers application-level security for Web programs. This product uses a series of threat-detection engines to analyze and look for malicious traffic, even after it has passed through your firewalls and intrusion detection systems (IDS). The engines use a variety of techniques to match threat signatures, analyze HTTP protocol misuse and check for known Web and application attacks.
In terms of the SSO piece of your setup, a suitable lightweight product is OneSign from Imprivata Inc. This device is a hardware-based SSO product. Unlike traditional SSO products, which use software modules installed on existing servers, this is a stand-alone device. Depending on the size of your organization -- Imprivata's products are geared toward SMBs -- these highly customizable products may be what you're looking for. As new applications are developed, they can be added to the product via its Web-based interface.
However, before jumping into a range of products, it would be best to carefully evaluate your needs, your organization's size and the compatibility of these products with each other, your network and your Web servers.
For more information:
Dig Deeper on Enterprise Single Sign-On (SSO)
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.