User guide
Authentication
Checking the Effectiveness of Certificate
The authentication server can check the effectiveness of the certificate used for certificate
authentication. The check is based on the certificate revocation list (CRL) registered in the
authentication server. The CRL lists revoked certificates. If a certificate listed in the CRL is presented,
authentication fails.
Note
If password authentication is being executed with basic authentication, a user cannot directly access the
Authentication infrastructure URL using, for example, a Web browser.
Combinations of Authentication Methods
Interstage Single Sign-on supports the following four authentication methods as combinations of
password authentication and certificate authentication. Authentication methods can be selected for
each user.
| Authentication Method | Description |
|---|---|
| password authentication | This authentication method uses a user ID and password pair. Either form authentication or basic authentication can be used. |
| certificate authentication | This authentication method uses the certificate obtained at SSL client authentication. Either the file-format certificate registered in the Web browser can be used. |
| password authentication or certificate authentication | Success of authentication is assumed only when either password authentication or certificate authentication is successful. |
| password authentication and certificate authentication | Success of authentication is assumed only when both password authentication and certificate authentication are successful. |
Password Authentication or Certificate Authentication
Success of authentication is assumed when either password authentication or certificate authentication
is successful.
This authentication method is appropriate for a user who frequently accesses resources from
computers other than the one on which the user's certificate has been registered. For example, when a
user who normally uses certificate authentication needs to access a resource from a different
computer during a business trip, or cannot use the certificate for some reason, the user can obtain
access by using password authentication. The authentication operation is flexible.
This authentication method first asks the user to perform certificate authentication. When certificate
authentication is successful, success of authentication is assumed. If the user fails certificate
authentication or presents no certificate, the user is asked to perform password authentication.
When password authentication is successful, success of authentication is assumed. If the user fails
password authentication, failure in authentication is assumed.
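The following Python sketch is an added example, not code from Interstage Single Sign-on. It models the four per-user authentication methods and the CRL check described above, and shows that under "password authentication or certificate authentication" a revoked certificate still leaves the password path open, while under "password authentication and certificate authentication" it blocks access. All names, the serial-number-only CRL and the sample credentials are assumptions constructed for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass
from enum import Enum

class Method(Enum):                      # the four methods selectable per user
    PASSWORD = 1
    CERTIFICATE = 2
    PASSWORD_OR_CERTIFICATE = 3
    PASSWORD_AND_CERTIFICATE = 4

@dataclass(frozen=True)
class User:
    method: Method
    pw_hash: bytes                       # PBKDF2 hash, never the clear password
    cert_serials: frozenset              # serials of the user's registered certificates

SALT = b"constructed-sample-salt"        # constructed value; use a per-user random salt

def hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def certificate_ok(user, serial, crl) -> bool:
    # Fails when no certificate is presented, it is not registered, or the CRL lists it.
    return serial is not None and serial in user.cert_serials and serial not in crl

def password_ok(user, password) -> bool:
    return password is not None and hmac.compare_digest(hash_pw(password), user.pw_hash)

def authenticate(user, crl, serial=None, password=None) -> bool:
    if user.method is Method.PASSWORD:
        return password_ok(user, password)
    if user.method is Method.CERTIFICATE:
        return certificate_ok(user, serial, crl)
    if user.method is Method.PASSWORD_OR_CERTIFICATE:
        # Certificate first; on failure or no certificate, fall back to the password.
        return certificate_ok(user, serial, crl) or password_ok(user, password)
    return certificate_ok(user, serial, crl) and password_ok(user, password)

# Constructed sample data: serial 0x1002 has been revoked.
CRL = frozenset({0x1002})

def sample_user(method: Method) -> User:
    return User(method, hash_pw("sample-Passw0rd"), frozenset({0x1001, 0x1002}))

if __name__ == "__main__":
    for m in Method:
        result = authenticate(sample_user(m), CRL, serial=0x1002, password="sample-Passw0rd")
        print(f"{m.name}: revoked certificate + correct password -> {result}")
```

For accounts where revoking the certificate must end access, the "or" method also requires disabling or resetting the password.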
When the user has registered only one certificate or has not registered any certificate, the user can also
use the registered certificate, or display the password authentication window, without displaying the
certificate selection window. For further details about how to display the certificate selection window,
refer to "Certificate Selection Windows".