6.2.4 Precautions for using authentication functionalities
The following subsection describes the precautions for using the authentication functionalities of both Web containers and Web servers.
- Organization of this subsection
(1) Order of authentication
When the authentication functionalities of both a Web container and a Web server are used in combination, they are performed in the following order:
-
Authentication functionality of the Web server
-
Authentication functionality of the Web container
The authentication functionality of a Web server includes one or more authentication processes. These processes are: Web server-based basic authentication, server authentication with SSL, and client authentication with SSL. When Web container and Web server authentication functionalities are both used, one or more of these processes is used together with the authentication functionality of the Web container.
For details about the authentication functionality and access control functionality of Cosminexus HTTP Server, see the HTTP Server User Guide.
(2) Precautions for using both Web server-based and Web container-based basic authentication
When you use both Web server-based and Web container-based basic authentication, the user name and password authenticated by the Web server are passed to the Web container. Thus, it is necessary to define common user information for the Web server and Web container.
Note that after Web server-based authentication, the Web container operation varies depending on how the Web container performs authentication. The Web container operates as follows:
-
When the user is authenticated by the Web server but not by the Web container:
The Web container displays a dialog box for entering a user name and password. This dialog box requires the common user name and password for the Web server and Web container.
-
When a user authenticated by the Web server does not have a role that allows access to the Web container:
An attempt to access a URL pattern for which access is restricted results in an error.
-
When a user authenticated by the Web server has a role that allows access to the Web container:
The dialog box for entering a user name and password does not appear. The user can access the URL pattern for which access is restricted.
(3) Precautions for using Microsoft IIS with a Web server
When using Web container-based authentication, you cannot use the following authentication functionality of Microsoft IIS:
-
Digest authentication
You cannot use digest authentication regardless of whether you use the Web container's authentication functionality. Make sure you cancel the digest authentication settings in Microsoft IIS.
-
Integrated Windows authentication
You cannot use integrated Windows authentication when using Web container-based basic authentication. Make sure you cancel the integrated Windows authentication settings in Microsoft IIS.