Web Authentication Server

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. Learn More
  • Security Resources
  • Two-Factor and Multifactor Authentication Strategies
  • Secure Remote Access
On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten. For this reason, Internet business and many other transactions require a more stringent authentication process. The use of digital certificates issued and verified by a Certificate Authority (CA) as part of a public key infrastructure is considered likely to become the standard way to perform authentication on the Internet.

Web server authentication (HTTP authentication is the technically correct term) is the most common application of third-party authentication. With web server authentication, the web server performs the authentication and SGD determines the user identity and user profile. The advantage of web server authentication is that you can use any web server authentication plug-in as long as it sets the REMOTE_USER environment variable. If the authentication plug-in you use sets a different variable, you can configure SGD to support it.

You can use web server authentication and system authentication together. It is best to enable at least one system authentication mechanism as a fallback. If SGD cannot find a user profile for a user, the standard SGD login page displays so that the user can authenticate using a system authentication mechanism.

How Web Server Authentication Works ?

Web server authentication works as follows:
  • A web server administrator protects a section of a web site. For SGD, this is usually the http://server/sgd URL.
  • When a web browser first tries to access a URL within the protected section, the web server responds by requesting authentication.
  • The web browser displays an authentication dialog to the user. SGD users do not see the SGD login screen.
  • The user types a user name and password, which the browser sends to the web server.
  • The web server authenticates the user's credentials and allows access to the requested URL. SGD users go directly to their webtop.
The web browser caches the user's credentials because the credentials must be sent with every request to the protected URL. The browser sends the credentials automatically. The credentials are cached as follows:

  • Temporarily - the credentials are cached until the user closes the browser.
  • Permanently - the user selects the check box on the browser's authentication dialog.
User Identity and User Profile Once the web server has authenticated the user, its sets the REMOTE_USER environment variable. This variable contains the user name of the authenticated user. SGD takes the value of the REMOTE_USER variable and uses it to search for the user identity and user profile. SGD supports four search methods for establishing the user identity and user profile. These are described in Third-party Authentication.

Article source: http://searchsecurity.techtarget.com/definition/authentication
Article source: http://download.oracle.com/docs/cd/E19728-01/820-2550/webserver_auth.html