WebSphere Commerce authentication model

The WebSphere Commerce authentication model is based on the following concepts: challenge mechanisms, authentication mechanisms and user registries.

WebSphere Commerce security model

Challenge mechanisms

A challenge mechanism specifies how a server challenges and retrieves authentication data from a user. WebSphere Commerce supports the following authentication methods or challenge mechanisms:

Authentication mechanisms

An authentication mechanism verifies user authentication data against an associated user registry. WebSphere Commerce issues an authentication token associated with a user on every subsequent request after the authentication process. The token is terminated when the user logs off or closes the browser.

User registry

The user registry is a repository that contains user information, and the user's authentication information (for example, the password). Authentication information provided by a principal (that is, the representation of a human user or system entity in a user registry) can be verified or validated against the user registry.

WebSphere Commerce supports user registries based on two user domains: an LDAP user registry and the WebSphere Commerce database.

An LDAP server is typically used when multiple software applications need to interact with a common set of users and organizations, for example, to implement a WebSphere Commerce Single Sign-On solution.
