Configuring an external authentication provider

When you use basic authentication, the identity of the client (sender) is determined through a username and password (organization credentials) when a transaction is initiated. You can configure an external authentication provider to provide access control.

About this task

If you are using an external authentication method, you must select or create a new external authentication provider instance.

Procedure

  1. Select Systems Management > Authentication Providers to access the Authentication Providers page.
  2. On the Authentication Providers page, click New and select the authentication provider type from the list.
  3. Complete the fields on the Sterling External Authentication Server page with the appropriate information.
    Associated organization
    Click Select and select the owner organization with which the authentication provider is associated.
    Name
    Type a unique name for the authentication provider.
    Description
    Optional: Type a description for the authentication provider.
    Host
    The name of the server on which the authentication provider is located.
    Port
    Type the port number for the authentication provider.

    Generally, the port number specifies the authentication provider available on the server. When you assign a port number to the authentication provider, ensure that the port number does not conflict with the default port number of an authentication provider that is available on the authentication provider. The valid range for a port number is 0 - 65535.

    SSL
    Select the check box to enable Secure Sockets Layer (SSL), which establishes an encrypted link between the authentication server and the web browser. If you enable SSL, you must complete the SSL-related fields.
    SSL certificate

    Select the certificate to be used by the external authentication server to encrypt and send data securely.

    You must share the public key of the certificate with the trading partner. The trading partner adds the certificate to their system. The sender (trading partner) uses the public key to encrypt the message during message exchange.

    SSL protocol

    Select the connection protocol or configuration to securely transfer messages. The default value is TLSv1.2 for B2B Advanced Communications version 1.0.0.5 and higher.

    Remember: Selecting an SSL protocol for message exchanges, including such configurations as SSL_TLS, SSL, SSLv2, and SSLv3, is not suggested. Available TLS connection protocols include TLS, TLSv1, TLSv1.1, and TLSv1.2.
    Restriction: If you are using a custom system certificate using SHA-1, you must replace it with a certificate that uses SHA-2.
    SSL client authentication

    To enable SSL client authentication, select the Enable SSL client authentication check box.

    SSL client authentication is used to determine the identity of the client (sender) when a transaction is initiated.

    SSL client authentication certificate
    Select the client authentication (CA) certificate to use for SSL client authentication.
  4. Click Save to save the external authentication provider configuration.
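
The field rules in step 3 can be checked against a planned configuration before it is entered. The following is an added example, not part of the product or its documentation: the dictionary keys are hypothetical names that mirror the field labels above, `ssl_certificate_sig_alg` is assumed to hold the signature algorithm read from the selected certificate, and both sample configurations are constructed.

```python
import re

# Protocol names as listed in the "SSL protocol" field description.
WEAK_PROTOCOLS = {"SSL_TLS", "SSL", "SSLv2", "SSLv3"}    # "not suggested"
TLS_PROTOCOLS = {"TLS", "TLSv1", "TLSv1.1", "TLSv1.2"}   # available TLS protocols

def audit_provider(cfg):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    for field in ("associated_organization", "name", "host"):
        if not str(cfg.get(field, "")).strip():
            findings.append(f"{field}: required value is missing")
    port = cfg.get("port")
    if isinstance(port, bool) or not isinstance(port, int) or not 0 <= port <= 65535:
        findings.append("port: must be an integer in the range 0 - 65535")
    if not cfg.get("ssl"):
        # TLS client authentication cannot work without TLS itself.
        if cfg.get("ssl_client_auth"):
            findings.append("ssl_client_auth: enabled while SSL is off")
        return findings
    proto = cfg.get("ssl_protocol")
    if proto in WEAK_PROTOCOLS:
        findings.append(f"ssl_protocol: {proto} is not suggested, select a TLS protocol")
    elif proto not in TLS_PROTOCOLS:
        findings.append(f"ssl_protocol: {proto!r} is not a listed protocol")
    sig = str(cfg.get("ssl_certificate_sig_alg", ""))
    if not sig:
        findings.append("ssl_certificate: no certificate selected")
    elif re.search(r"sha-?1(?!\d)", sig, re.IGNORECASE):
        # Matches e.g. sha1WithRSAEncryption and ecdsa-with-SHA1, not sha256.
        findings.append("ssl_certificate: SHA-1 certificate must be replaced with SHA-2")
    if cfg.get("ssl_client_auth") and not cfg.get("ssl_client_auth_certificate"):
        findings.append("ssl_client_auth_certificate: required when client authentication is enabled")
    return findings

# Constructed sample: weak settings next to the corrected ones.
WEAK_CFG = {
    "associated_organization": "ExampleOrg", "name": "seas-primary",
    "host": "seas.example.com", "port": 70000, "ssl": True,
    "ssl_protocol": "SSLv3", "ssl_certificate_sig_alg": "sha1WithRSAEncryption",
    "ssl_client_auth": True, "ssl_client_auth_certificate": "",
}
FIXED_CFG = dict(WEAK_CFG, port=9443, ssl_protocol="TLSv1.2",
                 ssl_certificate_sig_alg="sha256WithRSAEncryption",
                 ssl_client_auth_certificate="example-client-ca")

if __name__ == "__main__":
    for finding in audit_provider(WEAK_CFG):
        print("FINDING", finding)
    print("corrected config findings:", audit_provider(FIXED_CFG))
```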