5.8.1 Choose Authentication Method

Authentication validates the user's identity based on some credentials, such as a username/password combination or a client certificate. Select a method to authenticate users:

  • None — Management and Security Server does not present a login screen. Any user can access their assigned sessions without being prompted for credentials. Session authorization is not available.

  • LDAP — Management and Security Server makes a read-only connection to your existing LDAP (Lightweight Directory Access Protocol) server to verify usernames and passwords. You can also use LDAP to authorize session access. LDAP is an industry standard application protocol for accessing and maintaining distributed directory information services over a network.

    NOTE: You can enable more than one LDAP server.

  • Single sign-on through IIS — This method uses Microsoft IIS web server. This option requires no additional setup as long as you used the automated installer and chose to integrate with IIS during the installation process. You can find more information on install configurations in the MSS Installation Guide.

  • Windows Authentication - Kerberos — Kerberos is an authentication protocol that uses cryptographic tickets to avoid transmitting plain text passwords. Client services obtain ticket-granting tickets from the Kerberos Key Distribution Center (KDC) and present those tickets as their network credentials to gain access to services.

    NOTE: If Kerberos is enabled and you wish to use a different authentication method, you must first disable Kerberos. See Disabling Kerberos.

  • Windows Authentication - NTLMv2 (deprecated) — For security reasons, this option, which uses the NT LAN Manager version 2 (NTLM v2) protocol to authenticate users, is not recommended.

    For details, see Knowledge Base article 7024851.

  • X.509 — X.509 is a standard for managing digital certificates and public key encryption. When you use certificate-based authentication, you can specify the certificate source and setting for LDAP failover if certificate-based authentication fails.

  • SiteMinder — To enable this option on a Windows system, install both MSS and a SiteMinder web agent on the same machine as IIS, and set up the server to use your IIS web server.

  • Micro Focus Advanced Authentication — MSS provides an optional Add-on to use Advanced Authentication™, a separate Micro Focus product that provides a multi-factor authentication solution that uses a chain of authentication methods.

  • SAML — SAML (Security Assertion Markup Language) is an XML-based open standard format for exchanging authentication and authorization data between an identity provider and a service provider.

The setup options vary based on your selection.
