The Authentication screen allows you to set Authentication and other options.
Enable the Security Adapter for webserver
This checkbox allows you to enable and disable the Security Adapter on the web server. By default, this box is checked, which enables, or activates, the Security Adapter.
If you are configuring the Security Adapter for the first time for this web server, leave this box checked.
You can select one or any combination of the listed authentication mechanisms. For more information on these mechanisms, see the NetCrusader/Web Overview Guide.
SSL with Basic Authentication Check this box to use SSL (Secure Sockets Layer) with Basic Authentication. SSL sets up a secure communications channel between the browser and the server, preventing eavesdropping and loss of data integrity. Basic Authentication is part of the HTTP protocol. A user logs in with a username and password once for each realm (see below).
Realm
Enter a string to identify the entity issuing the authentication challenge.
SSL with Client Certificates Check this box to use SSL (Secure Sockets Layer) with Client Certificates. SSL sets up a secure communications channel between the browser and the server, preventing eavesdropping and loss of data integrity. A client certificate is a digital document that attests to the identity of the client. See the NetCrusader/Web Overview Guide for a detailed description of certificates and how they are used. See the NetCrusader/Web Installation and Operation Guide for details on obtaining and installing certificates.
Map Custom DN
You can map an X.500 Distinguished Name (DN) to a NetCrusader identity. This is referred to as identity mapping.
Mapping a custom DN allows you to configure the Security Adapter to acquire the DN from a specific header. The entire contents of the header is used as the DN.
When you enable custom identity mapping, all connections, both HTTP and HTTP over SSL, are authenticated using the mapped identity.
Custom DN Header
Indicate the name of the header that contains the distinguished name you will use to identify a user.
After configuring the Security Adapter, use NetCrusader Commander or a script to enter the value to be mapped. (For more information on using Commander, see the online help.)
Restrict IP Address
You can restrict access based on the source of the HTTP request. For example, you can place an authentication server or web proxy server between a browser and the web server that contains the Security Adapter. You can then limit access to requests that have successfully passed through the authentication or proxy server.
Restricting the IP address helps protect your web server against identity spoofing because only you know which field will be used to obtain the distinguished name and you designate which servers can be trusted to provide that information.
Trusted Client IP Header
Enter the name of the HTTP header that contains the IP address of the authentication server or proxy server. Consult the documentation of the authentication server or proxy server for this information.
Trusted IP Addresses
The trusted list is a list of the addresses of trusted authentication or web proxy servers. Enter an IP address in standard dotted format (for example, 127.0.0.0) or as a fully qualified DNS name (for example, myserver.acmewidget.com). Use commas to separate multiple values. You may enter more than one value.
Insert Basic Auth Header
If this box is checked, the Security Adapter will deny any user requests to pass through a junction if the ERA Extended Registry Attribute (ERA) for the user has not been specified during configuration. The contents of the ERA, prepended with the string Basic:, will be placed in the of the HTTP request which passes through the junction. For example, if the contents of the ERA is XYZ123, the contents of the Basic Authentication header will be Basic:XYZ123.
Authentication Attribute
Enter the name of the ERA to be used for authentication (for example, pre_auth_req).
Enable Junctions
A NetCrusader junction allows the web server to act as a reverse-proxy server. For more information on junctions, see the help topic for junctions.
Check this box if you want access to the Junction screen. If this box is not checked, the Junction screen does not appear and the junction feature is disabled for the server.
Enable Authorization
When enabled, the Security Adapter performs ACL checking on incoming HTTP and HTTPS requests using the default ACL model. The default ACL model operates independently of any custom ACL models used by a web server extension or application. The Security Adapter performs the default ACL checks before any user-developed extension or application receives the request.
If the NetCrusader/Web Security Adapter is enabled, but Authorization is disabled (that is, this box is not checked), all users must be authenticated and will be challenged.