IBM® Sterling External Authentication Server allows you to implement extended authentication and validation services for IBM products, called client applications. Sterling External Authentication Server includes a server that client applications connect to and a GUI to configure Sterling External Authentication Server requirements.
For SSL or TLS authentication, the connection between Sterling External Authentication Server and the client application is authenticated. Then, the client application sends a request with a certificate chain and/or a user ID and password. Sterling External Authentication Server uses the certificate validation or authentication definition referenced in the request to perform the requested operations.
For SSH authentication, the client application sends a request to Sterling External Authentication Server that contains a profile name, user ID, or SSH public key. Sterling External Authentication Server uses the configuration information in the profile to bind to an LDAP directory and look up the SSH key assigned to the user. It also performs an attribute assertion to match the key provided against the list of keys found in the LDAP directory.
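The matching of a presented SSH key against the keys found in the directory can be illustrated with the following added example, which is not IBM code and does not show how Sterling External Authentication Server is implemented. It assumes the directory values are OpenSSH one-line public keys; all function names and the sample keys are constructed for illustration.

```python
import base64
import binascii
import hashlib
import struct


def parse_public_key(line):
    """Split an OpenSSH one-line public key into (type, decoded blob); None if malformed."""
    fields = line.split()
    if len(fields) < 2:
        return None
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(blob) < 4:
        return None
    # The blob begins with a length-prefixed algorithm name; it must agree with field 0.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode("ascii", "replace"):
        return None
    return fields[0], blob


def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint, useful for logging which key matched."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def match_key(presented, directory_values):
    """Return the fingerprint of the presented key if the directory lists it, else None."""
    parsed = parse_public_key(presented)
    if parsed is None:
        return None
    for value in directory_values:
        candidate = parse_public_key(value)
        # Compare decoded blobs, so comments and spacing cannot cause or hide a match.
        if candidate is not None and candidate[1] == parsed[1]:
            return fingerprint(parsed[1])
    return None


def constructed_key(seed, comment):
    """Build a syntactically valid ed25519 key line from a seed (sample data, not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + hashlib.sha256(seed).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed stand-in for the values a directory lookup returned for one user.
DIRECTORY_VALUES = [constructed_key(b"laptop", "alice@laptop"), "ssh-ed25519 %%corrupt%%",
                    constructed_key(b"build", "alice@build")]
```

A malformed directory value is skipped rather than treated as a match, and a key whose declared type disagrees with its encoded blob is rejected before any comparison.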
After you install Sterling External Authentication Server, configure it for operation in your environment. Sterling External Authentication Server supports a flexible configuration to meet a variety of certificate validation and user authentication and authorization needs. You can configure:
After you configure the system, create certificate validation and user authentication definitions.