

How to Configure a Basic Over SSL Authentication Scheme

The Basic Over SSL Authentication Scheme verifies a user identity by passing user name and password credentials to a user directory. The process is similar to Basic authentication, but the credential delivery is always done over an encrypted Secure Sockets Layer (SSL) connection. An SSL connection is used even if the protected URLs are not set up to require SSL.

Note: The Basic Over SSL authentication scheme supports only ASCII characters.

Diagram illustrating the process for configuring Basic Over SSL authentication

  1. Verify that Basic Over SSL authentication scheme prerequisites are met.
  2. Configure a Basic Over SSL authentication scheme.

Verify the Basic over SSL Authentication Scheme Prerequisites

Before configuring a Basic over SSL authentication scheme, verify that the following prerequisites are met:

More information:

User Directories

Configure a Basic Over SSL Authentication Scheme

Use a Basic Over SSL authentication scheme to verify user identities against the user names and passwords that exist in the user directory. Credential delivery is completed over an encrypted Secure Sockets Layer connection.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

Follow these steps:

  1. Click Infrastructure, Authentication.
  2. Click Authentication Schemes.
  3. Click Create Authentication Scheme.

    Verify that the Create a new object of type Authentication Scheme option is selected.

    Click OK.

  4. Enter a name and optionally, a description.
  5. Select a protection level.
  6. Select Basic over SSL Template from the Authentication Scheme Type list.
  7. Complete the following scheme-specific fields:
    Server Name

    Specifies the fully qualified domain name of the web server responsible for establishing an SSL connection. Although it is possible, this server is typically not the same server where the Web Agent is installed.

    Note: IP addresses are not supported.

    The server acts as the beginning of the URL that the Policy Server uses to redirect user credentials over an SSL connection.

    Domain names must contain at least two periods. Enter the server using the following format:

    servername.domainname.com

    Example: server1.example.com

    Port

    Specifies the port on which the SSL server is listening. This value is only required for communication over a non-default port.

    Target

    Specifies the path and name for the SSL Credentials Collector (SCC).

    The target value tells the Agent what to use to invoke the SCC. The target completes the URL that the Policy Server uses to redirect the user credentials over an SSL connection. The target can be customized in circumstances where proxy servers require specific URLs to support Basic over SSL authentication.

    The default value for the Target field is:

    /siteminder/nocert/smgetcred.scc

  8. Click Submit.

    The authentication scheme is saved. You can now assign the scheme to an Application or realm.
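
A pre-submission check of the Server Name, Port and Target values against the rules stated in step 7, as an added example that is not part of the product documentation. The function name `check_scheme_fields`, the `https` scheme of the composed URL and the 1 to 65535 port range are assumptions; the sample values are constructed.

```python
import ipaddress

DEFAULT_TARGET = "/siteminder/nocert/smgetcred.scc"  # default Target value from the page


def check_scheme_fields(server_name, port=None, target=DEFAULT_TARGET):
    """Return (errors, url) for the Server Name, Port and Target fields."""
    errors = []
    name = server_name.strip()

    try:
        # IP addresses are not supported in the Server Name field.
        ipaddress.ip_address(name.strip("[]"))
        errors.append("Server Name is an IP address; use a fully qualified domain name")
    except ValueError:
        # Domain names must contain at least two periods (servername.domainname.com).
        if name.count(".") < 2 or not all(name.split(".")):
            errors.append("Server Name must look like servername.domainname.com")
        elif not name.isascii() or any(c in name for c in "/:@ "):
            errors.append("Server Name must be a bare host name, without scheme, port or path")

    # Port is only needed for a non-default port; the range check is an assumption.
    if port is not None and not (isinstance(port, int) and 1 <= port <= 65535):
        errors.append("Port must be an integer from 1 to 65535")

    # Target is the path and name of the SSL Credentials Collector (SCC).
    if not target.startswith("/") or not target.isascii() or " " in target:
        errors.append("Target must be an ASCII path beginning with '/'")

    if errors:
        return errors, None
    # Assumption: the redirect URL uses https and omits the port when the field is blank.
    host = name if port is None else f"{name}:{port}"
    return [], f"https://{host}{target}"


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [("server1.example.com", None), ("server1.example.com", 8443),
               ("10.0.0.5", None), ("example.com", None)]
    for server, port in samples:
        errs, url = check_scheme_fields(server, port)
        print(server, port, "->", url if url else "; ".join(errs))
```
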