Configuring the challenge behavior for custom or Kerberos authentication services
Configure the way in which your custom or Kerberos authentication service requests the login credentials.
Open the service from the navigation panel in Dev Studio by clicking Custom tab.and choosing a service from the instance list, and then navigate to the
In the Initial challenge stream field, press the Down Arrow key and select the second key part of an HTML rule to run (where the Applies To key part is @baseclass ) if user navigates to your system through a non-HTTPS URL.
Design the page rendered by this HTML rule to redirect the user to an HTTPS URL where the user is challenged for credentials. See the standard HTML rule Web-Login-SecuredBasic for an example. By default, this rule runs when all of the following are true:
- The Use SSL option is selected.
- An unauthenticated user navigates to the system through an unsecured port.
- No rule is specified in the Initial Challenge Stream field.
To require users to use a secure port (HTTPS) for authentication, select the Use SSL check box .
If Use SSL is checked, users must use an HTTPS URL for authentication. Verify that the application server that hosts your system uses HTTPS and that a URL is configured with the appropriate security constraints.
Complete one of the following steps.
- To use the Basic authentication browser pop-up window to gather user credentials, select the Use Basic Authentication for signon check box.
- In the Credential challenge stream field, press the Down Arrow key and select the second key part of an HTML rule (where the Applies To key part is @baseclass ) that provides the login form that gathers user credentials.
To customize the page that appears when authentication fails, specify an HTML rule in the Authentication fail stream field.
Enter the second key part of the HTML rule (where the Applies To key part is @baseclass ) that provides the page that appears when a user's username and password combination does not pass authentication.
Commonly, one HTML rule is used for both the challenge stream and the fail stream.
- Authentication services
To override or extend the default authentication process, create and configure an authentication service.
- More about authentication services
This page describes additional topics relevant to authentication services that are not directly referenced on the rule form.
- Creating an authentication service
To override or extend the default authentication process, create an authentication service. By creating an authentication service, you implement more specialized authentication requirements than the default, for example, to use pre-authentication and post-authentication activities.
- About HTML rules
Use an HTML rule to describe how the system is to assemble, through stream processing, portions of HTML displays in your application.