Configuring IBM HTTP Server - Powered by Apache for IBM MFA

You can configure IBM® HTTP Server - Powered by Apache to use IBM MFA for BASIC authentication.

To do this, you must first configure PKCS#11 tokens and modify the configuration file conf/httpd.conf file to set IBM MFA-specific values. The conf/httpd.conf configuration file contains directives that customize the HTTP server.

After authentication has succeeded using IBM MFA credentials, a cookie is created that is retrieved on subsequent requests. If the cookie is still valid, authentication is bypassed and the web resource is served. The window of validity (MFAExpireSeconds) is defined by the system administrator and can be specified up to a maximum of 86400 seconds (1 day).

Note: If you are using IBM HTTP Server - Powered by Apache with compound in-band authentication, the possible separator values are a colon (:) and a vertical bar (|). The forward slash (/) is not supported as a separator.