Authentication configuration

The authentication module is used to authenticate a request to the Pointsharp Access Gateway. It includes specifying the type of enabled authentication methods; basic authentication, or NTLM authentication. By using the authentication policy list, you are also able to tell which client that can use what authentication method.

The authentication module is dependent on the Pointsharp ID to be configured with the authentication methods used in the Default Authentication list and in the Authentication Policies list.

To configure the Pointsharp ID, please refer to the Pointsharp ID Admin GUI and its Authentication tab.

Property	Description
Name	The name of the module configuration.
Anonymous	Anonymous users are allowed when authorization header is missing, but will still do authentication if the request contains an authorization header. Default: disabled
Use Cookie	Indicates whether to check if the current user is already authenticated by trying to retrieve the user data from the current session (cookie). If it is disabled, then the request will be sent through the authentication procedure whether the user is authenticated or not. Default: disabled
Authentication Policies	The list of authentication policies to be used if the requesting user agent match with one of them. Example: If policy is defined with user agent "test", it will trigger on all user agents containing the word "test" and authenticate with the assigned method.
Default Authentication	The list of default authentication method names that all should be used if none of the policies matched. If multiple methods of the same authentication type is defined, only the first in the list will be used.
Blocked User Agents	The list of blocked user agents. Example: If block list has user agent "test", it will block all user agents containing the word "test" and respond with status 403 Forbidden.

Property

Description

Name

The name of the module configuration.

Anonymous

Anonymous users are allowed when authorization header is missing, but will still do authentication if the request contains an authorization header.

Default: disabled

Use Cookie

Indicates whether to check if the current user is already authenticated by trying to retrieve the user data from the current session (cookie). If it is disabled, then the request will be sent through the authentication procedure whether the user is authenticated or not.

Default: disabled

Authentication Policies

The list of authentication policies to be used if the requesting user agent match with one of them.

Example: If policy is defined with user agent "test", it will trigger on all user agents containing the word "test" and authenticate with the assigned method.

Default Authentication

The list of default authentication method names that all should be used if none of the policies matched. If multiple methods of the same authentication type is defined, only the first in the list will be used.

Blocked User Agents

The list of blocked user agents.

Example: If block list has user agent "test", it will block all user agents containing the word "test" and respond with status 403 Forbidden.

Authentication Policy

Defines a policy to specify an authentication setup for a client depending on its user agent.

An authentication policy enables the capability to use different authentication protocols and authentication settings, depending on the incoming client. It specifies the client to match by defining pattern for the user agent of the client to match.

Property	Description
User Agent Pattern	The pattern describing the user agents to match with this policy. The exact value in a user agent pattern is compared with an incoming client’s user agent. If the client’s user agent contains the user agent pattern (case-insensitive) it is considered a match. If this value is empty, then the client’s user agent has to be empty to match. Any non-matching client is set to use the authentication method(s) defined by the default authentications.
Method	The authentication protocol and method to use for this policy.
Ignore Cookie Validation	Decides whether to ignore the cookie validation settings or not. Default: Unchecked (does not ignore the cookie validation settings)

Property

Description

User Agent Pattern

The pattern describing the user agents to match with this policy.

The exact value in a user agent pattern is compared with an incoming client’s user agent. If the client’s user agent contains the user agent pattern (case-insensitive) it is considered a match. If this value is empty, then the client’s user agent has to be empty to match. Any non-matching client is set to use the authentication method(s) defined by the default authentications.

Method

The authentication protocol and method to use for this policy.

Ignore Cookie Validation

Decides whether to ignore the cookie validation settings or not.

Default: Unchecked (does not ignore the cookie validation settings)

Basic Authentication

Defines the configuration of an authentication setup using the protocol of basic authentication. Use Basic authentication to require that users provide a valid username and password to access content. All major browsers support this authentication method, and it works across firewalls and proxy servers.

Property	Description
Authentication Method	The name of the authentication method to call on the Pointsharp ID. The selected authentication method has to support for being used with basic authentication.
Authentication Cache Timeout	The timeout interval, in seconds, to use when requesting for authentication (device access and content set) towards the Pointsharp Web API. Default: Disabled
Default Domain	Type the name of a domain against which you want users to be authenticated by default. Any users who do not provide a domain name when they log on to your site are authenticated against this domain. Default: Empty (not in use)
Realm	Type the DNS domain name or address that uses the credentials that have been authenticated against the default domain. Default: Disabled (not in use)

Property

Description

Authentication Method

The name of the authentication method to call on the Pointsharp ID. The selected authentication method has to support for being used with basic authentication.

Authentication Cache Timeout

The timeout interval, in seconds, to use when requesting for authentication (device access and content set) towards the Pointsharp Web API.

Default: Disabled

Default Domain

Type the name of a domain against which you want users to be authenticated by default. Any users who do not provide a domain name when they log on to your site are authenticated against this domain.

Default: Empty (not in use)

Realm

Type the DNS domain name or address that uses the credentials that have been authenticated against the default domain.

Default: Disabled (not in use)

Windows Integrated Authentication (NTLM)

Defines the configuration of an authentication setup using NTLM. A Windows challenge/response authentication for network logon.

Property	Description
Authentication Method	The name of the authentication method to call on the Pointsharp ID. The selected authentication method has to support for being used with NTLM authentication.

Property

Description

Authentication Method

The name of the authentication method to call on the Pointsharp ID. The selected authentication method has to support for being used with NTLM authentication.

Block User Agent

Defines a user agent to block.

Property	Description
Pattern	The pattern of the user agent. The user agent has to contain this value to be blocked.

Property

Description

Pattern

The pattern of the user agent. The user agent has to contain this value to be blocked.