How Sterling External Authentication Server works
Sterling External Authentication Server responds to a request from a client application and performs certificate validation and user authentication.
Sterling External Authentication Server includes a server that client applications connect to and a GUI to configure Sterling External Authentication Server requirements.
Authentication Mechanism | Function |
---|---|
LDAP | Allows a user to be authenticated against an LDAP server. |
SSHKEY | Allows Sterling External Authentication Server to authenticate a user's SSH public key when the request comes through Secure Proxy. |
JAAS | Allows for chained authentication and for a user to be authenticated against multiple mechanisms simultaneously. |
TAM | Allows a user to be authenticated against IBM Tivoli Access Manager. |
Generic | Allows a user to implement and plug in any authentication mechanism that is not supported as a default mechanism through Sterling External Authentication Server. |
GIS | Allows a user to be authenticated against an IBM SI/SFG authentication server. |
For SSL or TLS authentication, the connection between Sterling External Authentication Server and the client application is authenticated. Then, the client application sends a request with a certificate chain and/or a user ID and password. Sterling External Authentication Server uses the certificate validation or authentication definition referenced in the request to perform the requested operations.
For SSH authentication, the client application sends a request to Sterling External Authentication Server that contains a profile name, user ID, or SSH public key. Sterling External Authentication Server uses the configuration information in the profile to bind to an LDAP directory and look up the SSH key assigned to the user. It also performs an attribute assertion to match the key provided against the list of keys found in the LDAP directory.
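The key-matching step described above, as an added example (not Sterling External Authentication Server code): it compares decoded key blobs rather than text lines, so comments and spacing do not affect the match, and malformed values never match. The `sshPublicKey` attribute name, the `ENTRY` record and all function names are assumptions, and the LDAP lookup is replaced by a constructed entry.

```python
import base64
import hashlib
import hmac
import struct


def key_blob(line: str) -> bytes:
    """Decode an OpenSSH 'algo base64 [comment]' line to its binary blob."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<algo> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)  # binascii.Error is a ValueError
    # The blob starts with a length-prefixed algorithm name; it must agree
    # with the text prefix, otherwise the line was altered or is malformed.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("algorithm prefix does not match key blob")
    return blob


def key_is_assigned(presented: str, directory_keys: list) -> bool:
    """True if the presented key equals any key stored for the user."""
    try:
        want = key_blob(presented)
    except ValueError:
        return False
    matched = False
    for stored in directory_keys:
        try:
            matched |= hmac.compare_digest(want, key_blob(stored))
        except ValueError:
            continue  # a malformed directory value never matches
    return matched


def sample_key(seed: bytes, comment: str) -> str:
    """Constructed ssh-ed25519 line for the demo (not a usable key pair)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed directory entry; the attribute name "sshPublicKey" is an assumption.
ENTRY = {"uid": "alice", "sshPublicKey": [sample_key(b"k1", "alice@laptop"),
                                          sample_key(b"k2", "alice@build")]}
```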
After you install Sterling External Authentication Server, configure it for operation in your environment. Its configuration is flexible enough to meet a variety of certificate validation and user authentication and authorization needs. Configurable items include TCP ports (listeners), SSL/TLS protocol operation, system-wide server connections, logging operation, and other global system parameters.