User Authentication
Authentication is the process of verifying that a user can access the system. The end result of the authentication process is an accepted userid. Optionally, additional information about the user (e.g. roles, authorizations and credentials) can also be extracted at this point, and this additional information can be checked later, using the security API, when the user is running applications.
There are basically two approaches to authenticating users:
1. Users are authenticated automatically when they first connect: this is the most secure technique as users are not allowed access unless they have been successfully authenticated. The system is supplied with a number of built-in options. Follow the links for details of each option.
· Use Windows Domain User. This also includes options to extract user-related information from Active Directory.
· Connect to an external authenticator using OpenID Connect e.g. to access ADFS (a remote Active Directory) or using the Google Identity Platform.
· Gateway Server Authentication – authenticates users who have connected using the Verj.io Gateway product
· Use a JSP or HTML page to prompt for userid/password (requires use of a Logon Service)
· Use Custom Authentication – to meet any other authentication requirements (requires use of a Logon Service)
These options are configured using the User Authentication page of the Server Admin App.
2. Users are authenticated by the application: use this approach when you want to support a mixture of authentication techniques or when you need to allow unauthenticated users into the system, e.g. when the application provides links to register new users or has public pages. There are two commonly used options:
Click here for details and examples of using application authentication.
A Logon Service is a type of System Service (an internal web service). Its job is to check that the user is valid (e.g. by checking a userid/password) and then to extract any additional roles, authorizations and credentials that may be needed. A Logon Service can be invoked automatically when a new session connects, or it can be invoked programmatically at any time, e.g. when a user clicks on some sort of Logon link or icon. For details, click on the link below: