Authentication realms

Resources are protected by authentication realms. Authentication processes can be interactive or non-interactive.

An authentication realm defines the process to be used to authenticate users, and consists of the following steps:

1. Specification of how to collect user credentials, for example, using a form, using basic HTTP authentication or using SSO.

2. Specification of how to verify the user credentials, for example, checking that the password matches the user name, or using an LDAP server or some other authentication server.

3. Specification of how to build the user identity, that is, how to build objects containing all the necessary user properties.

The same realm can be used in different security tests. In this case, clients must undergo the authentication process defined for the realm only once.

Authentication processes can be interactive or non-interactive, as demonstrated in the following authentication process examples:

• An example of interactive authentication is a login form that is displayed when a user attempts to access a protected resource. The authentication process includes verifying the user credentials.

• An example of non-interactive authentication is a user cookie that the authentication process looks for when a user attempts to access a protected resource. If there is a cookie, this cookie is used to authenticate the user. If there is no cookie, a cookie is created, and this cookie is used to authenticate the user in the future.

• User certificate authentication realm
  The user certificate authentication realm authenticates the user with X.509 certificates that are generated with the MobileFirst Server together with the public key infrastructure (PKI).

Parent topic: MobileFirst security framework