An authentication definition specifies how Sterling External Authentication Server authenticates a user of a destination service. The authentication definition specifies how to use attributes associated with the user specified in a request. In particular, it specifies a user ID and password to use to authenticate and optionally authorize the user. An authentication definition can include the following optional elements:
- Attribute query—Specifies an LDAP search that locates directory entries and returns attributes from those entries. The search must succeed for authentication to succeed. Create the query by specifying query parameters in a Uniform Resource Locator (URL), or by specifying parameters on the Query Parameters screen. Attribute query definitions can include variables as described in CV and Authentication Definition Variables.
- Attribute assertion—Specifies a Boolean statement that must evaluate as true for authentication to succeed. Attribute assertions allow the specification of additional conditions and compare details from the request, such as a user ID or destination service, to fixed data or to attributes returned from queries. Attribute assertion definitions can include variables as described in CV and Authentication Definition Variables.
- Application outputs—Enables use of a directory object with an attribute query to map the attributes returned by the query to an output name known by the client application. This is used to look up login credentials that are passed to the client application to log in to the destination service.
- Custom exit—Specifies details for exiting from a Sterling External Authentication Server generic authentication definition to perform related tasks using a Java™ class or a script or program executed by running an operating system command.
An authentication definition authenticates users by accessing an LDAP server, a Tivoli® Access Manager authorization server, or a generic authentication configuration you customize with a custom exit, attribute query, or attribute assertion. Within an authentication definition you can create any or none of the optional elements. For more information on authentication definitions, see Creation and Management of LDAP Authentication Definitions, Generic Authentication Definitions, or Creation and Management of Tivoli Access Manager (TAM) Authentication Definitions.
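The following is an added example, not code from the product or its documentation. It shows how an attribute query written as an LDAP URL (RFC 4516) breaks down into search parameters, and why a request value substituted into the filter has to be escaped (RFC 4515) before the search runs. The `{userid}` placeholder syntax, the host name and the directory names are assumptions made for this illustration; the product's own variable syntax is described in CV and Authentication Definition Variables.

```python
import re
from urllib.parse import unquote, urlsplit

# Hypothetical {name} placeholder syntax, used for this example only.
VARIABLE = re.compile(r"\{(\w+)\}")

# RFC 4515: characters that must be escaped inside a filter assertion value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
SCOPES = {"": "base", "base": "base", "one": "one", "sub": "sub"}


def escape_filter_value(value):
    """Escape a request-supplied value so it cannot change the filter's structure."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_query(ldap_url, request):
    """Turn an RFC 4516 LDAP URL template plus request details into search parameters."""
    parts = urlsplit(ldap_url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % parts.scheme)
    # RFC 4516 layout: scheme://host:port/dn?attributes?scope?filter
    attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    if scope not in SCOPES:
        raise ValueError("unknown scope: %r" % scope)

    def substitute(match):
        name = match.group(1)
        if name not in request:
            # Fail closed: an unresolved variable must not reach the directory.
            raise ValueError("unresolved variable: %s" % name)
        return escape_filter_value(request[name])

    # Percent-decode the template first, then substitute, so that "%28" inside
    # a user value is never decoded into a live "(" after escaping.
    flt = VARIABLE.sub(substitute, unquote(flt) or "(objectClass=*)")
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": SCOPES[scope],
        "filter": flt,
    }


# Constructed sample definition (host and directory names are made up).
TEMPLATE = "ldap://ldap.example.com/ou=people,dc=example,dc=com?uid,mail?sub?(uid={userid})"
```

With the constructed template, a user ID of `alice` yields the filter `(uid=alice)`, while a user ID containing `*`, `(` or `)` stays a literal value inside the single `uid` comparison instead of widening the search.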