The Basic Over SSL Authentication Scheme verifies a user identity by passing user name and password credentials to a user directory in a process similar to Basic authentication. The difference is that credential delivery is always done over an encrypted Secure Sockets Layer (SSL) connection even if the protected URLs are not setup to require SSL.
Note: The Basic Over SSL authentication scheme supports only ASCII characters.
When a user attempts to access a resource protected by Basic Over SSL authentication, the CA SiteMinder® Agent prompts the user to enter a user name and password. When the user enters a name and password, the Agent passes the credentials to the Policy Server over an encrypted connection. The Policy Server matches the name against the users contained in the directories that are associated with the policy domain that contains the resource. When the Policy Server finds a matching user name, it compares the password in the user directory to the password supplied by the user. If the passwords match, the user is authenticated and the Policy Server instructs the Web Agent to proceed. If the authentication fails, the user is challenged to reenter credentials.
Verify that the following prerequisites are met before configuring a Basic over SSL authentication scheme:
Use a Basic Over SSL authentication scheme to verify user identities against the user names and passwords that exist in the user directory. Credential delivery is completed over an encrypted Secure Sockets Layer connection.
Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.
Follow these steps:
The Authentication Schemes page appears.
Verify that the Create a new object of type Authentication Scheme is selected.
The Create Authentication Scheme page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Scheme-specific settings open in the Scheme Setup section.
Specifies the fully qualified domain name of the web server responsible for establishing an SSL connection. Although it is possible, this server is typically not the same server where the Web Agent is installed.
Note: IP addresses are not supported.
The server acts as the beginning of the URL that the Policy Server uses to redirect user credentials over an SSL connection.
Domain names must contain at least two periods. Enter the server using the following format:
servername.domainname.com
Example: server1.example.com
Specifies the port on which the SSL server is listening. This value is only required for communication over a non–default port.
Specifies the path and name for the SSL Credentials Collector (SCC).
The target value tells the CA SiteMinder® Agent what to use to invoke the SCC. The target completes the URL that the Policy Server uses to redirect the user credentials over an SSL connection. The target can be customized in circumstances where proxy servers require specific URLs to support Basic over SSL authentication.
The default value for the Target field is:
/siteminder/nocert/smgetcred.scc
The authentication scheme is saved. You can now assign the scheme to an Application or realm.
|
Copyright © 2013 CA.
All rights reserved.
|
|