

How to Configure a Basic Over SSL Authentication Scheme

The Basic Over SSL Authentication Scheme verifies a user identity by passing user name and password credentials to a user directory in a process similar to Basic authentication. The difference is that credential delivery is always done over an encrypted Secure Sockets Layer (SSL) connection, even if the protected URLs are not set up to require SSL.

Note: The Basic Over SSL authentication scheme supports only ASCII characters.

When a user attempts to access a resource protected by Basic Over SSL authentication, the CA SiteMinder® Agent prompts the user to enter a user name and password. When the user enters a name and password, the Agent passes the credentials to the Policy Server over an encrypted connection. The Policy Server matches the name against the users contained in the directories that are associated with the policy domain that contains the resource. When the Policy Server finds a matching user name, it compares the password in the user directory to the password supplied by the user. If the passwords match, the user is authenticated and the Policy Server instructs the Web Agent to proceed. If the authentication fails, the user is challenged to reenter credentials.

Diagram illustrating the process for configuring Basic Over SSL authentication

  1. Verify that Basic Over SSL authentication scheme prerequisites are met.
  2. Configure a Basic Over SSL authentication scheme.

Verify That Basic over SSL Authentication Scheme Prerequisites Are Met

Verify that the following prerequisites are met before configuring a Basic over SSL authentication scheme:

More information:

User Directories

Configure a Basic Over SSL Authentication Scheme

Use a Basic Over SSL authentication scheme to verify user identities against the user names and passwords that exist in the user directory. Credential delivery is completed over an encrypted Secure Sockets Layer connection.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object.

Follow these steps:

  1. Click Infrastructure, Authentication.
  2. Click Authentication Schemes.

    The Authentication Schemes page appears.

  3. Click Create Authentication Scheme.

    Verify that the Create a new object of type Authentication Scheme option is selected.

  4. Click OK.

    The Create Authentication Scheme page appears.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  5. Enter a name and optionally, a description.
  6. Select a protection level.
  7. Select Basic over SSL Template from the Authentication Scheme Type list.

    Scheme-specific settings open in the Scheme Setup section.

  8. Complete the following scheme-specific fields:
    Server Name

    Specifies the fully qualified domain name of the web server responsible for establishing an SSL connection. This server is typically not the server where the Web Agent is installed, although it can be.

    Note: IP addresses are not supported.

    The server acts as the beginning of the URL that the Policy Server uses to redirect user credentials over an SSL connection.

    Domain names must contain at least two periods. Enter the server using the following format:

    servername.domainname.com

    Example: server1.example.com

    Port

    Specifies the port on which the SSL server is listening. This value is only required for communication over a non-default port.

    Target

    Specifies the path and name for the SSL Credentials Collector (SCC).

    The target value tells the CA SiteMinder® Agent what to use to invoke the SCC. The target completes the URL that the Policy Server uses to redirect the user credentials over an SSL connection. The target can be customized in circumstances where proxy servers require specific URLs to support Basic over SSL authentication.

    The default value for the Target field is:

    /siteminder/nocert/smgetcred.scc

  9. Click Submit.

    The authentication scheme is saved. You can now assign the scheme to an Application or realm.
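
The following added example (not CA's code and not part of the product) checks Server Name, Port, and Target values against the rules in step 8 before you enter them, and composes the URL they form. The function names, the https:// prefix, and the host-name label pattern are assumptions; note that the two-period rule alone would accept a dotted IPv4 address, so the IP check is done separately.

```python
import ipaddress
import re

DEFAULT_TARGET = "/siteminder/nocert/smgetcred.scc"  # default Target value from the page
# Assumed rule for one host-name label: ASCII letters, digits, inner hyphens.
_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_fields(server_name, port=None, target=DEFAULT_TARGET):
    """Return a list of problems with the three scheme fields (empty list = OK)."""
    problems = []
    try:
        ipaddress.ip_address(server_name.strip("[]"))
        problems.append("Server Name: IP addresses are not supported, use an FQDN")
    except ValueError:
        # Not an IP literal, so apply the host-name rules.
        if server_name.count(".") < 2:
            problems.append("Server Name: must contain at least two periods")
        if not all(_LABEL.fullmatch(label) for label in server_name.split(".")):
            problems.append("Server Name: not a well-formed ASCII host name")
    if port is not None and not (isinstance(port, int) and 1 <= port <= 65535):
        problems.append("Port: must be an integer from 1 to 65535")
    if (not target.startswith("/") or not target.isascii()
            or any(c.isspace() for c in target)):
        problems.append("Target: must be an ASCII path that starts with '/'")
    return problems


def scc_url(server_name, port=None, target=DEFAULT_TARGET):
    """Compose the URL: Server Name begins it, Target completes it."""
    problems = check_fields(server_name, port, target)
    if problems:
        raise ValueError("; ".join(problems))
    # Port is only written when a non-default port was supplied.
    authority = server_name if port is None else f"{server_name}:{port}"
    return f"https://{authority}{target}"  # https scheme is an assumption


if __name__ == "__main__":
    # Constructed sample values; server1.example.com is the page's own example.
    samples = [("server1.example.com",), ("server1.example.com", 8443),
               ("10.0.0.1",), ("example.com",),
               ("server1.example.com", None, "smgetcred.scc")]
    for args in samples:
        print(args, "->", check_fields(*args) or scc_url(*args))
```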