

Basic Authentication Schemes

The Policy Server installation process automatically configures a Basic authentication scheme. This scheme verifies a user’s identity according to a user name and password that are passed to a user directory service for authentication. For LDAP user directories, this is done via an LDAP “Bind” operation. The HTTP Basic Authentication protocol is used to deliver credentials from the browser to the Web server protected by the SiteMinder Web Agent. Basic authentication schemes are supported only with ASCII characters.

When a user attempts to access a resource protected by Basic authentication, the SiteMinder Agent prompts the user to enter a user name and password. When the user enters a name and password, the Agent passes the credentials to the Policy Server over an encrypted connection, and the Policy Server matches the name against the users contained in the directories attached to the policy domain that contains the resource. When the Policy Server finds a matching user name, it compares the password in the user directory to the password supplied by the user. If the passwords match, the user is authenticated, and the Policy Server sends a message to the Web Agent indicating that the Agent may proceed. If the authentication fails, the user is challenged to re-enter credentials.

Note: This scheme does not provide encrypted credential delivery by default. Instead, the user name and password are delivered from the browser to the Web server protected by the Web Agent via the standard HTTP Basic protocol, unless every protected URL on the Web server is set up to require SSL. However, communication between the Web Agent and the Policy Server always takes place over an encrypted connection. For an encrypted authentication scheme based on simple user names and passwords, see Basic Over SSL Authentication Schemes.
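The Note above, as an added example (not SiteMinder code): a Python audit that decodes the HTTP Basic Authorization header without any key, showing that it is encoded rather than encrypted, and flags credentials sent to non-HTTPS URLs or containing non-ASCII characters. The URLs, credentials, finding labels, and function names are assumptions made for illustration.

```python
import base64
import binascii

def make_header(user, password):
    """Build a constructed Authorization header value for the sample data."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic(header):
    """Return (user, password) as bytes, or None if not a valid Basic header."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: no key is needed to reverse it.
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    user, sep, password = raw.partition(b":")  # password may itself contain ':'
    return (user, password) if sep else None

def audit(requests):
    """Return (url, finding) pairs for Basic credentials delivered unsafely."""
    findings = []
    for url, header in requests:
        creds = parse_basic(header)
        if creds is None:
            continue
        user, password = creds
        if not url.lower().startswith("https://"):
            findings.append((url, "cleartext-basic"))
        if not (user.isascii() and password.isascii()):
            findings.append((url, "non-ascii-credentials"))
    return findings

# Constructed sample records: (requested URL, Authorization header value).
SAMPLE = [
    ("http://intranet.example/app/", make_header("jsmith", "s3cret")),
    ("https://intranet.example/app/", make_header("jsmith", "s3cret")),
    ("https://intranet.example/app/", make_header("jürgen", "s3cret")),
    ("http://intranet.example/public/", "Bearer abc"),
]

if __name__ == "__main__":
    for url, finding in audit(SAMPLE):
        print(f"{finding}: {url}")
```
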

Realms that you create in the Administrative UI use the Basic authentication scheme by default. You can change the authentication scheme when you create a new realm or modify an existing realm.

For an additional level of security with Basic authentication, you can create password policies. This SiteMinder feature allows you to manage password rules.

More information:

Domains

Realms

Password Policies

Review Basic Scheme Prerequisites

Verify that the following prerequisites are met before configuring a Basic authentication scheme:

More information:

User Directories