Authentication is the process that ensures that a party trying to access the Application Server really is the one it claims to be. In Redbex, authentication is based on a username/password principle. Authentication should not be confused with login: authentication is only one part of the login process, and it is also used in other parts of the system, e.g. in approval.
To authenticate against the system, the accessing person or system has to provide a password and a username that matches the name of a user in Redbex.
The basis for authentication is a user account in the Redbex system, i.e. each user of the Redbex system must have a user account within the system. The actual authentication, i.e. the matching of username and password, is performed according to the Authentication type setting of the user. Table 1 describes the available authentication types.
Authentication type | Description
Application Server | The given username is matched against the list of users in Redbex. If a match is found, the hash calculated from the given password string is compared with the hash stored along with the user in the Application Server. If the hashes match, the user is authenticated.
Active directory | The given username is matched against the list of users in Redbex. If a match is found, the username and the given password are forwarded to the LDAP directory of a Microsoft Active Directory using the LDAP or LDAPS protocol. The LDAP server then validates the password.
Table 1: Supported authentication types
Irrespective of the authentication type used, the given username is case insensitive and the password is case sensitive. The system automatically trims leading and trailing white space from the given username and password.
When the Application Server authentication type is used, the system does not store passwords as clear text or as an encrypted string, but as a hash computed with the SHA-256 hashing algorithm; to provide additional protection against dictionary attacks, the hash is salted. Because of this, the password of a user cannot be recovered from the stored data; the only option left is brute-force guessing.
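The Application Server authentication rules described above (salted SHA-256 comparison, case-insensitive username, case-sensitive password, trimmed white space), shown as an added illustration in Python. This is not Redbex's own code; the in-memory user store, the 16-byte per-user salt and the salt||password hash layout are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store: normalized username -> (salt, hash).
# The record layout is an assumption for this illustration, not Redbex's storage format.
USERS = {}


def _normalize(username, password):
    """Apply the matching rules from the text: trim white space on both values,
    compare usernames case-insensitively, keep the password case-sensitive."""
    return username.strip().lower(), password.strip()


def _salted_sha256(salt, password):
    """SHA-256 over salt || password; the salt is stored beside the hash."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def create_user(username, password):
    """Store a per-user random salt and the salted hash, never the password itself."""
    name, pw = _normalize(username, password)
    salt = os.urandom(16)  # assumed salt length: 16 random bytes, unique per user
    USERS[name] = (salt, _salted_sha256(salt, pw))


def authenticate(username, password):
    """Application Server authentication: look the user up, recompute the salted
    hash of the supplied password and compare it with the stored hash."""
    name, pw = _normalize(username, password)
    record = USERS.get(name)
    if record is None:
        # Unknown user: fail in the same way as a wrong password.
        return False
    salt, stored = record
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(_salted_sha256(salt, pw), stored)


if __name__ == "__main__":
    create_user("Alice", "S3cret!")
    print(authenticate("alice", "S3cret!"))       # True: username is case-insensitive
    print(authenticate("  ALICE  ", " S3cret! "))  # True: white space is trimmed
    print(authenticate("alice", "s3cret!"))       # False: password is case-sensitive
```

Because the salt is random per user, two accounts with the same password get different stored hashes, which is what defeats precomputed dictionary tables; a new design would additionally use a deliberately slow password hash (e.g. PBKDF2 or Argon2) to slow down the brute-force guessing the text mentions.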