Previous Topic: Policies and Responses

Next Topic: Successful Authentications

Authentication Processing for Hierarchical Policies

Policies must contain rules. Rules can include authentication and authorization events. Based on how rules are configured, one of four authentication events can occur when the Policy Server attempts to identify a user based on credentials.

The Policy Server attempts to authenticate users based on the longest matching realm. For example, if a user attempts to access /home/employees/managers/manager.html, the Policy Server uses the /managers realms to determine the required credentials. In the example in the previous figure, the user must complete a browser-based form required by the HTML Forms authentication scheme associated with the realm.

Note: The longest matching realm also determines the timeouts for the user's session. If a timeout is associated with the realm in which the user successfully authenticated, that timeout is used. You can use responses to override a realm timeout for a specific resource or group of resources.

More information:

Configure Response Attribute Caching


Copyright © 2010 CA. All rights reserved. Email CA about this topic