Secure Global Desktop Administration Guide > Users and authentication > Introducing web server authentication
Read this topic to... |
---|
|
Web server authentication is different to the Secure Global Desktop login authority system because the authentication is actually performed externally by a web server. You configure Secure Global Desktop to trust this authentication and it then determines the user's identity and their login profile.
When users log in, they see their browser's authentication dialog instead of the Secure Global Desktop login page. Once they have typed their username and password, users go directly to their webtop.
Web server authentication (or HTTP authentication) is supported by all web servers and web browsers.
With HTTP authentication:
The web browser caches the credentials, either temporarily (until the user closes the browser) or permanently (if the user checks the box on the browser's authentication dialog). It does this because, with HTTP authentication, the credentials must be sent with every request to a protected URL. The browser sends the credentials automatically.
Once the web server has authenticated the user,
Secure Global Desktop then obtains the user's identity from the
REMOTE_USER
environment variable. The web server sets this variable after it has authenticated the user.
Secure Global Desktop uses this identity to search for a matching login profile.
You can use web server authentication and login authorities together. If Secure Global Desktop can't find a matching login profile, the standard Secure Global Desktop login page displays. The user must log in to Secure Global Desktop and be authenticated by a login authority before they can access their webtop.
Web server authentication does not support ambiguous users. This means users get the webtop of the first matching login profile.
REMOTE_USER
variable. If the plug-in you use doesn't set that variable you can export the variable your plug-in uses.Copyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.