Configuring the challenge behavior for custom or Kerberos authentication services
Configure the way in which your custom or Kerberos authentication service requests the login credentials.
- Open the service from the navigation panel in Dev Studio by clicking Records > SysAdmin > Authentication Service and choosing a service from the instance list, and then navigate to the Custom tab.
-
In the Initial challenge stream field, press the Down Arrow key
and select the second key part of an HTML rule to run (where the Applies To key part is
@baseclass ) if user navigates to your system through a non-HTTPS
URL.
Design the page rendered by this HTML rule to redirect the user to an HTTPS URL where the user is challenged for credentials. See the standard HTML rule Web-Login-SecuredBasic for an example. By default, this rule runs when all of the following are true:
- The Use SSL option is selected.
- An unauthenticated user navigates to the system through an unsecured port.
- No rule is specified in the Initial Challenge Stream field.
-
To require users to use a secure port (HTTPS) for authentication, select the
Use SSL check box .
If Use SSL is checked, users must use an HTTPS URL for authentication. Verify that the application server that hosts your system uses HTTPS and that a URL is configured with the appropriate security constraints.
-
Complete one of the following steps.
- To use the Basic authentication browser pop-up window to gather user credentials, select the Use Basic Authentication for signon check box.
- In the Credential challenge stream field, press the Down Arrow key and select the second key part of an HTML rule (where the Applies To key part is @baseclass ) that provides the login form that gathers user credentials.
-
To customize the page that appears when authentication fails, specify an HTML rule in
the Authentication fail stream field.
Enter the second key part of the HTML rule (where the Applies To key part is @baseclass ) that provides the page that appears when a user's username and password combination does not pass authentication.Commonly, one HTML rule is used for both the challenge stream and the fail stream.
- Click Save.