Policy Server Guides › Policy Server Configuration Guide › Authentication Schemes › Anonymous Authentication Schemes

Anonymous Authentication Schemes

The Anonymous authentication scheme allows CA SiteMinder® to provide access privileges to users who are not yet identified in your network. Assigning an Anonymous authentication scheme to a realm does not provide access control, but it does allow CA SiteMinder® to personalize content for the user.

When a user accesses a resource in a realm that uses the Anonymous scheme, the Policy Server assigns a Global Unique Identifier (GUID). This GUID is stored on the user’s browser and provides a method for identifying the anonymous user.

When you create an Anonymous authentication scheme, you must specify a guest distinguished name (DN). You can bind policies to this guest DN that provide personalized content.

Note: Personalized content in a realm protected by an Anonymous scheme is based on the guest DN, not the GUID of the user. Anonymous users view content according to policies that include the guest DN. Identified users have a distinct DN, so an identified user who accesses the same resource (protected by an anonymous scheme) views the content of the resource based on their unique DN rather than the guest DN.

More information:

Realms

Anonymous Scheme Prerequisites

Ensure the following prerequisites are met before configuring an Anonymous authentication scheme:

• A guest DN for anonymous user exists in a user directory.
• A directory connection exists between the Policy Server and the user directory.
• If you want to track users according to GUIDs assigned by Anonymous authentication, you enable user tracking on the CA SiteMinder® Global Settings pane.

  Note: More information on enabling user tracking exists in the Policy Server Administration guide.

More information:

User Directories

Configure an Anonymous Authentication Scheme

You can use an Anonymous authentication scheme to give non-registered users access to specific Web content.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.

Follow these steps:

1. Click Infrastructure, Authentication.
2. Click Authentication Schemes.

   The Authentication Schemes page appears.

3. Click Create Authentication Scheme.

   Verify that the Create a new object of type Authentication Scheme is selected.

4. Click OK

   The Create Authentication Scheme page appears.

   Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

5. Enter a name and a protection level.
6. Select Anonymous Template from the Authentication Scheme Type list.

   Scheme-specific settings appear.

7. Enter the DN of a user.
8. Click Submit.

   The authentication scheme is saved and can be assigned to a realm.