Chapter 4. Configuration and customization 115
7. Basic authentication (username and password)
8. HTTP headers
9. IP address
10.External Authentication Interface (EAI)
HTTP and HTTPS authentication methods can be independently enabled and
disabled for both HTTP and HTTPS transports. The only exception is the
client-side certificate that requires an HTTPS type of connection (transport). If no
authentication methods are enabled for a particular transport, the authentication
process is inactive for clients using that transport.
WebSEAL uses the concept of authentication modules to use different
authentication methods. An authentication mechanism describes how an
authentication method is enabled and specifically refers to the configuration
stanza entry (such as passwd-ldap) used in the WebSEAL configuration file.
WebSEAL supports three types of authentication modules:
򐂰 Built-in modules that ship with WebSEAL and that are fully supported
򐂰 Support for custom external authentication solutions using the external
authentication interface (EAI)
򐂰 Support for custom modules written using the external authentication C API
(know as CDAS in the previous release)
The following built-in modules exist in Access Manager:
passwd-ldap Password authentication via LDAP (Forms/BasicAuth)
passwd-uraf Password authentication using the Tivoli Access Manager
User Registry Adapter Framework (URAF) for Active
Directory or Domino (Forms/Basic Auth)
token-cdas Token authentication (SecureID)
cert-ldap SSL client certificate authentication
http-request HTTP header or IP address authentication
kerberosv5 Simple and Protected Negotiation (SPNEGO) authentication
with WebSEAL (Windows Desktop Single Sign-On)
4.3.1 Basic authentication with user ID and password
Basic authentication (BA) is part of the HTTP standard and defines a
standardized way in which user ID and password information is passed to a Web
server. When WebSEAL sends a BA challenge to the browser, the browser pops
up a dialog panel requesting user name and password from the user. When this
information is entered, the browser sends its original request again, but this time

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.