Enabling Trusted Authentication

Trusted authentication requires an authentication contract that specifies the type of authentication credentials. Identity Server and Access Gateway control these authentication requirements. You do not need to configure your web server to require authentication. Access Manager enforces the requirements for you.

In this example, you set up an authentication contract that requires a username and a password to access a directory on a web server.

  1. Click Devices > Access Gateways, then click Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Protected Resources > New.

  2. Specify a display name for the protected resource, then click OK.

  3. Select one of the following in Authentication Procedure:

    Name/Password - Basic: Basic authentication over HTTP using a standard login page provided by the web browser.

    Name/Password - Form: Form-based authentication over HTTP.

    Other contracts are available, but this basic setup does not enable SSL, so select one of the two contracts above. The contract needs to match the protocol.

    If these default authentication contracts are not available, you have not configured a relationship between Access Gateway and Identity Server. See Section 2.5.1, Configuring a Reverse Proxy, and select a value for the Identity Server Cluster field.

  4. In URL Path List, configure the URL path to the page that this authentication contract will protect. For the web server configuration described in Prerequisites for a Basic Access Manager Setup, click the /* path and modify it to specify the following path:

    /protected/*

  5. Click OK > OK.

  6. Click Devices > Access Gateways > Update > OK.

  7. (Optional) To test this configuration from a client browser, log in to Access Gateway:

    1. Enter the published DNS name for this resource in the browser. For example, in Figure 2-3, you would specify the following URL:

      http://www.mytest.com

    2. Click the link to the protected page. This must be a link to the same page you configured in Step 4.

      Your browser should prompt you with a login page. If you selected Name/Password - Basic as the contract, the standard login page issued by your browser is displayed. If you selected Name/Password - Form, the default Access Manager login page is displayed.

    3. Log in to Identity Server with a username and password that are stored in your LDAP directory (Server 3 in Figure 2-3).

      You should now have access to the information you have placed in the protected directory on your web server.

      If you have set up your web server to require basic authentication to access this directory, you are prompted again for login credentials.

      If you receive an error, see Common Authentication Problems.

  8. Continue with Setting Up Policies.
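
The browser test in Step 7 can also be run as a scripted check. The following is an added example, not part of the Access Manager documentation. It assumes that an unauthenticated request for a path under /protected/ is answered with either a 401 Basic challenge or a redirect, and that the site root stays public. The function names are hypothetical and the sample responses are constructed.

```python
import http.client
import sys
from urllib.parse import urlsplit

def classify(status, headers):
    """Classify one response to a request sent with no credentials or cookies."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401 and h.get("www-authenticate", "").lower().startswith("basic"):
        return "basic-challenge"  # browser shows its own login dialog
    if status in (301, 302, 303, 307, 308) and h.get("location"):
        return "redirect"         # browser is sent elsewhere, e.g. to a login form
    if 200 <= status < 300:
        return "served"           # content returned without authentication
    return "other"

def findings(public, protected):
    """Each argument is a (status, headers) pair. Returns a list of problems."""
    problems = []
    kind = classify(*protected)
    if kind == "served":
        problems.append("protected path is served without authentication")
    elif kind == "other":
        problems.append("protected path returned unexpected status %d" % protected[0])
    if classify(*public) != "served":
        problems.append("public path is not served anonymously")
    return problems

def probe(url, timeout=5):
    """One plain-HTTP GET without credentials; redirects are not followed."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.netloc, timeout=timeout)
    conn.request("GET", parts.path or "/")
    resp = conn.getresponse()
    result = (resp.status, dict(resp.getheaders()))
    conn.close()
    return result

# Constructed sample responses (not captured from a real Access Gateway).
PUBLIC = (200, {"Content-Type": "text/html"})
BASIC = (401, {"WWW-Authenticate": 'Basic realm="constructed"'})
FORM = (302, {"Location": "http://login.example.invalid/constructed"})

if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. http://www.mytest.com /protected/
        base, path = sys.argv[1].rstrip("/"), sys.argv[2]
        print(findings(probe(base + "/"), probe(base + path)) or "ok")
    else:
        for name, resp in (("basic", BASIC), ("form", FORM), ("unprotected", PUBLIC)):
            print(name, findings(PUBLIC, resp) or "ok")
```

A "redirect" result only shows that content was withheld; open the Location target in a browser to confirm that it is the expected login page.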