
5.1.2: The WebSphere authentication model

Authentication is the process of determining if a user is who the user claims to be. WebSphere Application Server authenticates users by using one of several authentication mechanisms. For example, it can challenge users to provide a password, or it can require them to provide a digital certificate. Available authentication procedures include the following:

  • No authentication

    If no authentication is used, users are not required to prove their identities.

  • Basic authentication

    Basic authentication is a familiar form of authentication, in which the security service requests an identifier and password combination from a user when the user attempts to access a resource.

    After a user provides an identifier and password, the security service validates them against a database of known users, which can take the form of a simple registry or a distributed directory service. If the user-provided information is valid, the security system considers the user authenticated.

  • Digital certificates

    Instead of requiring identifier-and-password combinations from users, an application can require users to present digital certificates, which act as electronic identification cards. The security service examines the information in the certificate to authenticate the user.

  • The form-based login challenge

    Instead of using identifier-and-password combinations or digital certificates, application designers can write custom challenges for applications. The authentication procedure in a custom challenge can take any form the application developers can implement.
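
The validation step described under Basic authentication, as an added example (not WebSphere code and not part of the original page): it decodes an HTTP `Authorization: Basic` header and checks the identifier and password against a simple registry. The HTTP transport, the in-memory registry and its constructed entries, the PBKDF2 storage scheme and all function names are assumptions of this sketch.

```python
import base64
import binascii
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_entry(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample registry: identifier -> (salt, password hash).
REGISTRY = {"alice": make_entry("correct horse"), "bob": make_entry("p:ss:word")}
# Dummy entry so unknown identifiers cost the same hashing work as known ones.
_DUMMY = make_entry("not-a-real-account")


def parse_basic(header):
    """Return (identifier, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first ':' only, because the password may itself contain ':'.
    identifier, sep, password = decoded.partition(":")
    return (identifier, password) if sep else None


def authenticate(header):
    """Return the authenticated identifier, or None to re-issue the challenge."""
    creds = parse_basic(header)
    if creds is None:
        return None
    identifier, password = creds
    salt, stored = REGISTRY.get(identifier, _DUMMY)
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    return identifier if ok and identifier in REGISTRY else None
```

Malformed headers, unknown identifiers and wrong passwords all produce the same result, so the caller cannot tell which part of the credential was rejected.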
