User Authentication

 

Documentation home

 

 

User Authentication

Authentication is the process of verifying that a user can access the system. The end result of the authentication process is an accepted userid; optionally additional information about the user can also be extracted at this point e.g. roles, authorizations and credentials, and this additional information can be checked later when the user is running applications using the security API.

 

 

Implementation options

There are basically two approaches to authenticating users:

 

1.      Users are authenticated automatically when they first connect: this is the most secure technique as users are not allowed access unless they have been successfully authenticated. The system is supplied with a number of built-in options. Follow the links for details of each option.

 

·         Use Windows Domain User. This also includes options to extract user-related information from Active Directory.

·         Connect to an external authenticator using Open Id Connect e.g. to access ADFS (a remote Active Directory) or using the Google Identity Platform.

·         Gateway Server Authentication – authenticates users who have connected using the Verj.io Gateway product

·         Use a JSP or HTML page to prompt for userid/password (requires use of a Logon Service)

·         Use Custom Authentication – to meet any other authentication requirements (requires use of a Logon Service)

 

These options are configured using the User Authentication page of the Server Admin App.

 

2.      Users are authenticated by the application: use this approach when you want to support a mixture of authentication techniques or when you need to allow unauthenticated users into the system e.g. when the application provides links to register new users or has public pages. There are two commonly used options:

 

• The application routes the user to a logon form which collect user/password information and passes this to a Logon Service to be validated.
• The application invokes authentication using an Open Id Connect provider.

 

Click here for details and examples of using application authentication.

 

Logon Service

A Logon Service is a type of System Service (an internal web service).  Its job is to check the user is valid (e.g. by checking a userid/password) and then to extract any additional roles, authorizations and credentials that may be needed. A Logon Service can be invoked automatically when a new session connects or it can be invoked programmatically at any time e.g. when a user clicks on some sort of Logon link or icon. For details, click on the link below:

 

Implementing a Logon Service