You add authentication methods using the Add Authentication Method Wizard. Each step of the wizard is represented by a tab when editing a specific authentication method.
The steps and tabs are:
•General settings
•RADIUS replies (displayed only if the authentication method is RADIUS-based)
•Extended properties Confidence
Online This authentication method supports Confidence Online clients.
User Certificate The User Certificate authentication method is based on user/certificate attribute mapping. The user is authenticated only if there is an exact, unique match between the configured certificate attribute and the user attribute.
NTLM The NTLM authentication method is used in various Microsoft network protocol implementations.
Basic This authentication method performs a basic authentication according to RFC 2617, “HTTP Authentication: Basic and Digest Access Authentication”.
General RADIUS The general RADIUS authentication method can be used with any RADIUS-compliant authentication server.
Extended User Bind
The Extended User Bind authentication method adds an extended form of user data retrieval, parsing, and matching with user-presented certificates and the LDAP user object.
Form-Based Authentication
Windows Integrated Login
Windows Integrated Login authentication enables the use of Windows domain credentials for authentication. User credentials are retrieved from the client, and do not have to be entered by the user.
E-ID
A consortium of Scandinavian banks has agreed on a standard service for electronic authorization and signing over the Internet. The E-ID software is Java-based, and no client installations are required.
E-ID Signer Using E-ID, the client can authorize an order or a document by signing.
Table 12.2 Additional Authentication Methods (Continued) Authentication
Method Description
To add an Authentication Method
1. Browse to Manage SystemAuthentication Methods. The Manage Authentication Methods page opens.
2. Click Add Authentication Method. The Add Authentication Method Wizard starts.
3. Select the authentication method to be added and click Next.
4. (Optional) To make prevent the authentication method from appearing in the authentication menu, deselect Visible in the Authentication Menu.
5. Enter a Display Name for the authentication method and specify the authentication method logon Template Name.
6. Proceed according to the authentication method you are configuring:
7. Click Add Authentication Method Server. The Add Authentication Method Server page opens.
8. Define the following general properties for the Authentication Method Server:
Authentication
Method Configuration
LDAP Click Next and skip to Step 12.
User Certificate Select the Certificate Authority, click Next, and skip to Step 12.
Extended User Bind Select the Certificate Authority and proceed to Step 7.
E-ID Signer
(Optional) Select Return Signature if you want to display the signature.
(Optional) If you want to copy the extended properties from another authentication method, select Inherit Extended Properties and select the authentication method to Use Settings From.
Proceed to Step 7.
All other methods Proceed to Step 7.
Property Description
Host The host address of the Authentication Service for the authentication method.
Port The port for the Authentication Service.
Time-out How long the client waits for a reply from the authentication method server before trying to connect the next one on the list.
Listen on all
interfaces (Stonesoft Authentication methods only) Select if you want the server to listen to all interfaces.
134 Chapter 12 Managing Authentication Methods
9. Define the following additional properties depending on the type of Authentication Method Server you are adding:
Table 12.3 Additional Properties Authentication
Method Property Description
General RADIUS Shared Secret The secret shared between the RADIUS client and the RADIUS server.
SecurID Shared Secret The secret shared between the RADIUS client and the RADIUS server.
SafeWord Shared Secret The secret shared between the RADIUS client and the RADIUS server.
Active Directory
Account The Distinguished Name or Principal Name of the administrator for the Active Directory server.
Password The password used when binding to the directory server.
Root DN The Distinguished Name of the root node.
IBM Tivoli
Account The Distinguished Name or Principal Name of the administrator for the Active Directory server.
Password The password used when binding to the directory server.
Users Root DN The Distinguished Name of the root domain in which to search for users.
Password Policy DN The Distinguished Name of the domain where the password policies are located.
IBM RACF
Account The Distinguished Name or Principal Name of the administrator for the Active Directory server.
Password The password used when binding to the directory server.
Users Root DN The Distinguished Name of the root domain in which to search for users.
Password Policy DN The Distinguished Name of the domain where the password policies are located.
Expiration message (reg-exp)
(Optional) The error code returned when the password is expired.
Novell eDirectory
Account The Distinguished Name or Principal Name of the administrator for the Active Directory server.
Password The password used when binding to the directory server.
Users Root DN The Distinguished Name of the root domain in which to search for users.
Windows Integrated Login
Path The path to the Logon page. For example, /directory/pagename.html.
Enable SSL Use the SSL protocol in communications with the server.
CA Certificate The certificate of the Certificate Authority used to validate the certificates presented by other servers.
NTLM
Path The path to the Logon page. For example, /directory/pagename.html.
Enable SSL Use the SSL protocol in communications with the server.
CA Certificate The certificate of the Certificate Authority used to validate the certificates presented by other servers.
Domain The Domain to which the authentication method server belongs.
Basic
Path The path to the Logon page. For example, /directory/pagename.html.
Enable SSL Use the SSL protocol in communications with the server.
CA Certificate The certificate of the Certificate Authority used to validate the certificates presented by other servers.
Extended User Bind
User Root DN The Distinguished Name of the root domain in which to start searching for users.
Attribute Name The name for user objects in the directory service.
Attribute Value The object class for user objects in the directory service.
Search Scope The range of levels at which to search when searching for objects in the directory service.
User DN The User DN for performing the search.
Password The user password for performing the search.
E-ID
Service Identifier The service identifier configured in the Nexus MultiID core server.
Server Connection Time-out
The maximum time for a server connection to be established.
Server Unavailable Interval
The number of connection retries for servers that are not responding.
Table 12.3 Additional Properties (Continued) Authentication
Method Property Description
136 Chapter 12 Managing Authentication Methods 10.Click Next.
11.(RADIUS-based authentication methods only) Click Next. The RADIUS Replies page opens.
Add or edit RADIUS replies if necessary, and click Next.
12.If necessary, add Extended Properties to customize how the authentication is handled.
13.Click Finish Wizard. To activate the changes, click Publish at the top of the page.