

How to Configure a Basic Authentication Scheme

The Policy Server installation process automatically configures a Basic authentication scheme. This scheme verifies a user identity according to a user name and password that are passed to a user directory service for authentication. Basic authentication schemes support only ASCII characters.

When a user attempts to access a resource protected by Basic authentication, the CA SiteMinder® Agent prompts the user to enter a user name and password. When the user enters a name and password, the Agent passes the credentials to the Policy Server over an encrypted connection. The Policy Server matches the name against the users contained in the directories that are associated with the policy domain that contains the resource. When the Policy Server finds a matching user name, it compares the password in the user directory to the password supplied by the user. If the passwords match, the user is authenticated and the Policy Server instructs the Web Agent to proceed. If the authentication fails, the user is challenged to reenter credentials.

Note: By default, this scheme does not encrypt credentials that are passed from the browser to the Web Agent. The user name and password are delivered from the browser to the Web Agent using the standard HTTP Basic protocol. However, communication between the Web Agent and the Policy Server always takes place over an encrypted connection. For an encrypted authentication scheme based on simple user names and passwords, use the Basic Over SSL authentication scheme.
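The following added example (not CA SiteMinder code) shows why the note above matters: a standard HTTP Basic header is only Base64-encoded, so a request that carries it without TLS exposes the user name and password. The function names, finding strings, and sample credentials are hypothetical and constructed for illustration.

```python
import base64
import binascii

CLEARTEXT = "Basic credentials sent without TLS: recoverable by anyone on the path"
NON_ASCII = "credentials are not ASCII: outside what the Basic scheme supports"
MALFORMED = "malformed Basic Authorization header"

def build_basic_header(user, password):
    """Build the header value a browser sends: 'Basic ' + Base64(user:password)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic_header(value):
    """Decode a Basic header into (user, password); raise ValueError if invalid."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError(MALFORMED)
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError(MALFORMED) from exc
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError(NON_ASCII) from exc
    user, sep, password = text.partition(":")  # password may contain ':'
    if not sep:
        raise ValueError(MALFORMED)
    return user, password

def audit_request(url_scheme, headers):
    """Return the findings for one request (url_scheme is 'http' or 'https')."""
    value = {k.lower(): v for k, v in headers.items()}.get("authorization")
    if value is None or not value.strip().lower().startswith("basic"):
        return []  # no Basic credentials on this request
    findings = []
    if url_scheme.lower() != "https":
        findings.append(CLEARTEXT)
    try:
        parse_basic_header(value)
    except ValueError as exc:
        findings.append(str(exc))
    return findings

if __name__ == "__main__":
    # Constructed sample credentials, not taken from any real system.
    header = build_basic_header("jsmith", "Winter:2024")
    print(header, "->", parse_basic_header(header))
    print(audit_request("http", {"Authorization": header}))
    print(audit_request("https", {"Authorization": header}))
```
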

By default, applications and realms that you create in the Administrative UI use the Basic authentication scheme that is created automatically during installation. You can change the authentication scheme when you create an application or realm or when you modify an existing application or realm.

To let CA SiteMinder® display non-English realm names and let you enter non-English characters as login credentials in a basic authentication window, verify that the following criteria are met:

To configure a Basic authentication scheme:

  1. Review Basic authentication scheme prerequisites.
  2. Configure a Basic authentication scheme.

Review Basic Scheme Prerequisites

Verify that the following prerequisites are met before configuring a Basic authentication scheme:

More information:

User Directories

Configure a Basic Authentication Scheme

Configure a Basic authentication scheme in the Administrative UI to verify user identities against user names and passwords that exist in the user directory.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

Follow these steps:

  1. Click Infrastructure, Authentication.
  2. Click Authentication Schemes.

    The Authentication Schemes page appears.

  3. Click Create Authentication Scheme.

    Verify that the Create a new object of type Authentication Scheme option is selected.

  4. Click OK.

    The Create Authentication Scheme page appears.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  5. Enter a name and protection level.
  6. Select Basic Template from the Authentication Scheme Type list.
  7. Click Submit.

    The authentication scheme is saved and can now be assigned to a realm.