Skip to main content
Previous sectionNext section

Authentication

Authenticate users.

Background Information

Authentication is the process by which a user proves who he or she is when accessing a system.

Available Tools

Server authentication options

InterSystems provides the following options that enable you to authenticate users:

  • Kerberos authentication — The most secure means of authentication. The Kerberos Authentication System provides mathematically proven strong authentication over a network.

  • Operating-system–based authentication — OS-based authentication uses the operating system’s identity for each user to identify that user for Caché purposes.

  • LDAP authentication — With the Lightweight Directory Access Protocol (LDAP), Caché authenticates the user based on information in a central repository, known as the LDAP server.

  • Caché login — With Caché login, Caché prompts the user for a password and compares a hash of the provided password against a value it has stored.

  • Delegated authentication — Delegated authentication provides a means for creating customized authentication mechanisms. The application developer entirely controls the content of delegated authentication code.

You can also allow all users to connect to the server without performing any authentication. This option is appropriate for organizations with strongly protected perimeters or in which neither the application nor its data are an attractive target for attackers.

For information, see the Caché Security Administration Guide. Also see the Caché Security Tutorial.

Availability: All namespaces.

CSP session support

You can define CSP sessions so that users are required to authenticate themselves to the server.

See “CSP Session Management” in Using Caché Server Pages (CSP).

Availability: All namespaces.

Support for security-related SOAP specifications

Caché web services and web clients can validate the WS-Security header element for inbound SOAP messages, as well as automatically decrypt the inbound messages. Generally speaking, this security header element can carry information that authenticates the sender. See Securing Caché Web Services.

Availability: All namespaces.

The bindings and gateways also provide support for authentication, as discussed in the books for those bindings and gateways.

See Also