One of our customer is a healthcare company hosting two web based applications( ORacle 9g and coldfusion 8, respectively IIS and apache web based applications)
The idea is that the customer wants added security to those web based applications when accessed from the internet, additionally and for ease of use, their customers should not enter a username and password more than once.
I was thinking of a clientless vpn where I can publish the urls for those two web based applications and I noticed there is an autosignon command which uses the credentials used for the ssl vpn to authenticate for the web application as well. Did I get it right? just one time authentication to access both the web based application and the vpn?