Configure pass-through authentication
You can configure a flow to delegate authentication back to the endpoint by using the pass-through authentication feature. Use this optional feature if you want to retain the authentication credentials only in the endpoint and not in the target Security Directory Server.
About this task
Pass-through authentication is a feature of IBM Security Directory Server, which delegates authentication of users to a different LDAP server. If you configure pass-through authentication for a flow, then IBM Security Directory Server attempts to verify the credentials from an external directory server on behalf of the client.
For more information about pass-through authentication, see the IBM Security Directory Server documentation at http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.IBMDS.doc_6.3.1/welcome.htm and search for Pass-through authentication.
Procedure
- On the Flows tab, click the name of the flow and then click Edit to open the flow configuration page, if you did not already do so.
- Click the Pass-through Authentication tab. The four steps to enable pass-through authentication are displayed.
- You must first verify the credentials that IBM Security Directory Server must use to access the user information in the pass-through authentication server. Specify the Username and Password and then click Verify.
- Then, configure IBM Security Directory Server for pass-through authentication.
  - Click the "Click to reload server PTA entry" link to refresh any changes that were made in the back-end directory.
  - Select Enabled to specify that the pass-through authentication mechanism must be used for this flow.
  - The endpoint details are pre-filled based on the configuration parameters that you specified when you created the endpoint. If you need to change them, you can edit the Target subtree, Attribute mapping, Source subtree, Source bind DN, and Source bind password fields.
    Pass-through authentication is enabled only for the users in the containers of the target subtree.
- You must manually restart IBM Security Directory Server for the changes to take effect and to enable pass-through authentication for this flow.
- To test that the pass-through authentication mechanism is working for this flow, specify the Username and Password of a sample user and then click Verify.
  You can also check the detailed logs to ensure that there are no errors in the pass-through authentication mechanism.