Configuring Router WWW Authentication Methods

Each router in a grid can be configured to provide specific authentication methods for its HTTP and HTTPS ports, respectively. The reason for this is to allow different authentication methods via different entry points in the grid. It can also be desirable to force use of basic authentication, for example, to go over the HTTPS port.

The WWW authentication methods configured for a router define the methods accepted by the router when accessed via the HTTP or HTTPS ports. When accessed by a grid client, the intersection of these methods and the methods supported by the configured session provider determines how authentication is performed in practice. For information on the supported authentication methods for each session provider, see Session Provider Requirements and Selection. Basic authentication is supported by all session providers.

If SAML 2 authentication is configured for a router, it will override the other settings. The SAML Session Provider must be the configured session provider in order for this setting to take effect. Note that when the SAML Session Provider is installed, a router (SAML Router) configured to use SAML 2 authentication is automatically installed. The SAML 2 authentication method in the SAML Session Provider uses WS-Federation to authenticate to AD FS 2.0+ (for browser clients that can be automatically redirected). The SAML Session Provider also implements basic authentication using WS-Trust to authenticate users to AD FS 2.0+ (for active, non-browser based clients).

It is possible that the configured session provider does not support any of the configured WWW authentication methods. In this case, the user will not be able to log on.

To configure WWW authentication methods for a router