Policy Server Guides › Policy Server Configuration Guide › Authentication Schemes › How to Configure a Basic Authentication Scheme

How to Configure a Basic Authentication Scheme

The Policy Server installation automatically configures a Basic authentication scheme. This scheme verifies a user identity according to a user name and password that are passed to a user directory service for authentication. Basic authentication schemes support only ASCII characters.

When a user attempts to access a resource that is protected by Basic authentication, the web agent prompts the user to enter a user name and password. After the user enters a name and password, the agent passes the credentials to the Policy Server over an encrypted connection. The Policy Server processes the credentials and if successful, instructs the Web Agent to permit access. If the authentication fails, the user is challenged to reenter credentials.

Note: By default, this scheme does not encrypt credentials that are passed from the browser to the web agent. Standard HTTP Basic protocol is used to pass the data. However, communication between the Web Agent and the Policy Server always takes place over an encrypted connection. For an encrypted authentication scheme based on simple user names and passwords, use the Basic Over SSL authentication scheme.

By default, applications and realms that you create in the Administrative UI use the Basic authentication scheme. You can change the authentication scheme.

To display non-English realm names and permit non-English characters as login credentials in a basic authentication window, verify that the following criteria are met:

• Use only Internet Explorer as the web browser for all IIS and Apache on Windows web servers.
• The locale of the web server machine must match the locale of the web browser.

  

To configure a Basic authentication scheme:

1. Review Basic authentication scheme prerequisites.
2. Configure a Basic authentication scheme.

Review Basic Scheme Prerequisites

Verify that the following prerequisites are met before configuring a Basic authentication scheme:

• Client user name and password information exists in a user directory.
• A directory connection exists between the Policy Server and the user directory.

More information:

User Directories

Configure a Basic Authentication Scheme

Configure a Basic authentication scheme in the Administrative UI to verify user identities against user names and passwords that exist in the user directory.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

Follow these steps:

1. Click Infrastructure, Authentication.
2. Click Authentication Schemes.
3. Click Create Authentication Scheme.

   Verify that the Create a new object of type Authentication Scheme is selected.

   Click OK

4. Enter a name and protection level.
5. Select Basic Template from the Authentication Scheme Type list.
6. Click Submit.

   The authentication scheme is saved and can now be assigned to a realm.