Defining an Authentication Server

An authentication server is a database that stores user credentials—username and password—and typically group and attribute information. When a user signs in to the host, the user specifies an authentication realm, which is associated with an authentication server. The system forwards the user’s credentials to this authentication server to verify the user’s identity.

The system supports the most common authentication servers, including Windows NT Domain, Active Directory, RADIUS, LDAP, NIS, RSA ACE/Server, SAML Server, and eTrust SiteMinder, and enables you to create one or more local databases of users who are authenticated. The system is preconfigured with one local authentication server for users called “System Local.” This predefined local authentication server is a system database that enables you to quickly create user accounts for user authentication. This ability provides flexibility for testing purposes and for providing third-party access by eliminating the need to create user accounts in an external authentication server.

You can view the default local authentication server on the Authentication Servers page.

Note: The system also supports authorization servers. An authorization server (or directory server) is a database that stores user attribute and group information. You can configure an authentication realm to use a directory server to retrieve user attribute or group information for use in role mapping rules and resource policies.

To define an authentication server:

  1. In the admin console, choose Authentication > Auth. Servers.
  2. Select Local Authentication from the New list and then click New Server.

    The New Local Authentication page appears.

  3. Enter Test Server in the Name box and then click Save Changes.

    Wait for the system to notify you that the changes are saved, after which additional configuration tabs appear.

  4. Click the Users tab and then click New.

    The New Local User page appears.

  5. Enter testuser2 in the Username box, enter a password, and then click Save Changes to create the user’s account in the Test Server authentication server.

After completing these steps, you have created an authentication server that contains one user account. This user can sign in to an authentication realm that uses the Test Server authentication server.

The admin console provides last access statistics for each user account on the respective authentication servers pages, on the Users tab under a set of columns titled Last Sign-in Statistic. The statistics reported include the last successful sign-in date and time for each user, the user’s IP address, and the agent or browser type and version.
