Authentication Service configuration overview

Most of the configuration that is associated with the authentication service and the supported authentication mechanisms is pre-configured on the appliance. In most scenarios, this configuration is adequate. However, some scenarios require customization to meet your requirements.

You can configure the following components to customize the authentication support:

Point of contact settings

You can configure the point of contact in the Advanced Configuration settings of the local management interface. For more information, see the configuration settings that begin with poc. in Managing Advanced Configuration.

This version of the Security Access Manager simplifies the configuration that is required for the authentication service. Previous versions relied on a list of preconfigured authentication callbacks to determine the authentication flow. The new authentication policy format eliminates the need to rely on the authentication level value to determine the order in which the authentication mechanisms run. The execution of an authentication event now depends on the content of the authentication policy. You can configure the Authentication Service to allow reauthentication. If reauthentication is enabled, the Authentication Service runs all the authentication mechanisms that are included in the authentication policy, regardless of whether an authentication session already exists.

Access policy scenario configuration

This scenario is almost fully configured when you complete deployment and run activation and isamcfg. To enable this scenario:

  1. Create an access policy that references any of the authentication policies that are provided.
  2. Attach the access policy to the resource that you want to protect.

No further configuration is needed.

Web Gateway Appliance step-up authentication scenario

After you complete deployment and run activation and isamcfg, this scenario requires a set of manual steps to enable it. This scenario relies on an ACL or POP on the point of contact configuration to initiate the policy execution. The user must complete an authentication policy flow when the policy requires that the user step up to a higher authentication level. This setup is specific to and dependent on the point of contact technology that you are using in your environment. To configure the Web Gateway Appliance to enable this scenario, see Configuring step-up authentication.

Web Gateway Appliance authentication scenario

After you complete deployment and run activation and isamcfg, this scenario requires a set of manual steps to enable it. This scenario relies on an ACL or POP on the point of contact configuration to initiate the policy execution. The user must complete an authentication policy flow when the policy requires that the user authenticate. This setup is specific to and dependent on the point of contact technology that you are using in your environment. To configure the Web Gateway Appliance to enable this scenario, see Configuring authentication.

Authentication mechanism settings

For advanced customization of the authentication service or the one-time password generation, delivery, and verification, you can customize the mapping rules. See Managing mapping rules.

Template configuration

Many HTML pages and XML documents are provided to interact with your users. The pages prompt users for authentication information, provide them with one-time passwords, or notify them of errors during authentication. For information about customizing the template pages, see Modifying template files.