Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0

Chapter 4. Configuration and customization 115

7. Basic authentication (username and password)

8. HTTP headers

9. IP address

10.External Authentication Interface (EAI)

HTTP and HTTPS authentication methods can be independently enabled and

disabled for both HTTP and HTTPS transports. The only exception is the

client-side certificate that requires an HTTPS type of connection (transport). If no

authentication methods are enabled for a particular transport, the authentication

process is inactive for clients using that transport.

WebSEAL uses the concept of authentication modules to use different

authentication methods. An authentication mechanism describes how an

authentication method is enabled and specifically refers to the configuration

stanza entry (such as passwd-ldap) used in the WebSEAL configuration file.

WebSEAL supports three types of authentication modules:

򐂰 Built-in modules that ship with WebSEAL and that are fully supported

򐂰 Support for custom external authentication solutions using the external

authentication interface (EAI)

򐂰 Support for custom modules written using the external authentication C API

(know as CDAS in the previous release)

The following built-in modules exist in Access Manager:

passwd-ldap Password authentication via LDAP (Forms/BasicAuth)

passwd-uraf Password authentication using the Tivoli Access Manager

User Registry Adapter Framework (URAF) for Active

Directory or Domino (Forms/Basic Auth)

token-cdas Token authentication (SecureID)

cert-ldap SSL client certificate authentication

http-request HTTP header or IP address authentication

kerberosv5 Simple and Protected Negotiation (SPNEGO) authentication

with WebSEAL (Windows Desktop Single Sign-On)

4.3.1 Basic authentication with user ID and password

Basic authentication (BA) is part of the HTTP standard and defines a

standardized way in which user ID and password information is passed to a Web

server. When WebSEAL sends a BA challenge to the browser, the browser pops

up a dialog panel requesting user name and password from the user. When this

information is entered, the browser sends its original request again, but this time

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 by Axel Buecker, Vladimir Jeremic