Configuring An Authentication Procedure For Non-Redirected Login - Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual


1.3.2 Configuring an Authentication Procedure for Non-Redirected Login
When a contract is created, it is assigned an authentication procedure that allows the user to be
redirected to the Identity Server for authentication. Some applications, such as AJAX and WebDAV
applications, do not support redirection for authentication. You can change the authentication
behavior of a contract so that redirection does not occur.
When non-redirected login is enabled, the Access Gateway prompts the user to supply basic
authentication credentials. The SOAP back channel between the Access Gateway and the Identity
Server is used to complete the authentication on the user's behalf rather than a redirect. The SOAP
back channel is also used for the session renewals.
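The two behaviors can be told apart from the response an unauthenticated client receives. The following check is an added example, not part of the Novell manual: it assumes the non-redirected prompt is a standard HTTP 401 Basic challenge, and the host names, login path and sample responses are constructed.

```python
from email.parser import Parser
from urllib.parse import urlsplit

# Constructed sample response heads (hypothetical hosts and paths).
SAMPLE_REDIRECT = ("HTTP/1.1 302 Found\r\n"
                   "Location: https://idp.example.com/constructed-login-path\r\n"
                   "Content-Length: 0\r\n\r\n")
SAMPLE_BASIC = ("HTTP/1.1 401 Unauthorized\r\n"
                'WWW-Authenticate: Basic realm="constructed-realm"\r\n'
                "Content-Length: 0\r\n\r\n")


def parse_head(raw_head):
    """Split a raw HTTP response head into (status code, header object)."""
    status_line, _, header_block = raw_head.partition("\r\n")
    status = int(status_line.split(" ", 2)[1])
    return status, Parser().parsestr(header_block, headersonly=True)


def classify_login(raw_head, request_url, idp_host):
    """Classify how a protected resource asked an unauthenticated client to log in.

    Returns (mode, warnings). idp_host is the Identity Server host name the
    operator expects redirects to point at (an assumption of this example).
    """
    status, headers = parse_head(raw_head)
    warnings = []
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(headers.get("Location", "")).hostname
        if target == idp_host.lower():
            # AJAX and WebDAV clients generally cannot complete this flow.
            return "redirected", warnings
        return "other-redirect", warnings
    if status == 401:
        challenges = headers.get_all("WWW-Authenticate", [])
        schemes = [c.split(None, 1)[0].lower() for c in challenges if c.strip()]
        if "basic" in schemes:
            if urlsplit(request_url).scheme != "https":
                # Basic credentials are base64-encoded, not encrypted.
                warnings.append("basic challenge received over cleartext HTTP")
            return "non-redirected", warnings
        return "other-challenge", warnings
    return "no-login-prompt", warnings


if __name__ == "__main__":
    print(classify_login(SAMPLE_REDIRECT, "https://app.example.com/dav/", "idp.example.com"))
    print(classify_login(SAMPLE_BASIC, "http://app.example.com/dav/", "idp.example.com"))
```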
Non-redirected login has the following restrictions:
• Password Expiration Services: When you modify the authentication procedures to use non-
redirected login, you cannot also use a password expiration service. Even when the Password
expiration servlet and Allow user interaction options are configured, users are not redirected
when their passwords are expiring and they are not prompted to change their passwords.
• Locked Shared Secrets: When non-redirected login is enabled, users are not prompted for
their passphrase for locked shared secrets.
• Session Limits: Non-redirected login can cause the user to create more than one session with
the Identity Server because the SOAP back channel uses a different process than authentication
requests that are directed to the Identity Server. Therefore, do not limit your users to one
session. Session limits are set by clicking Devices > Identity Servers > Edit.
If the contract you are going to use for non-redirected login is also assigned to protected resources
that do not require non-redirected login, you should create a new authentication procedure for the
resource requiring non-redirected login. Multiple authentication procedures can be configured to use
the same contract.
To configure an authentication procedure:
1 Click Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] >
Protected Resources > [Name of Protected Resource].
2 On the Authentication Procedure line, click the Edit Authentication Procedure icon.
The Authentication Procedure List displays all available contracts, the name of the
authentication procedure they are assigned to, the protected resources that the authentication
procedure has been assigned to, and whether the procedure has been enabled for non-redirected
login.
3 Select one of the following actions:
• To create a new authentication procedure, click New, specify a name, then click OK.
Continue with Step 4.
• To modify an existing authentication procedure, click the name of the procedure. Continue
with Step 4.
Configuring the Access Gateway to Protect Web Resources