Skip to main content

Configuring password authentication

Users can prove their identities by validating their passwords against:

  • A target system that is set up as a trusted system.

    These users’ passwords are not stored in the Bravura Security Fabric database.

  • A value stored in Bravura Security Fabric .

    This only applies to product administrators whose passwords are stored in Bravura Security Fabric .

In order to set up password authentication for users whose passwords are not stored in Bravura Security Fabric , configure the following:

Authentication priority list

The authentication priority list (Manage the system > Policies > Authentication priority) controls the target systems that can be used to validate passwords and the target system authentication order.

NUM HOSTS VERIFY (optional)

This setting (Manage the system > Policies > Options) controls the number of target systems for authentication.

Increase the value of NUM HOSTS VERIFY if the authentication priority list contains more than one target system, and if you want Bravura Security Fabric to retry the supplied password on additional target systems before concluding that the user simply entered an incorrect password value.

PSF IDENT AS AUTH (optional)

Enable this setting (Manage the system > Modules > Front-end (PSF) ) if you want Bravura Security Fabric to attempt to authenticate the user by verifying the supplied password against the target system chosen for identification.

PSF EXT

Set this value to User-selectable or Password authentication.

See Enabling authentication methods via Front-end configuration for details.

PSFEXT VALUES

Include password.pss.

Login process with password authentication

The following example login process illustrates how the above settings affect the Front-end :

  1. A user visits the login page for the Front-end and enters an identifier (a login ID on a trusted system or a profile ID) and a password.

  2. If PSF IDENT AS AUTH is enabled, the Front-end attempts to authenticate the user by verifying the password against the target system chosen for identification.

  3. If PSF IDENT AS AUTH is not enabled, or if the user entered a profile ID, Bravura Security Fabric attempts to authenticate the user by validating the password against the first target system in the authentication priority list.

  4. If password verification fails, and if NUM HOSTS VERIFY is greater than one, Bravura Security Fabric contacts the next target system in the authentication priority list.

  5. The verification process continues until authentication succeeds or the number of failures equals the value contained in NUM HOSTS VERIFY in which case authentication fails.

The process for the administrative consoles is similar; however, Step 2 does not apply. In all cases Bravura Security Fabric uses information from the user’s profile to determine the correct login ID for each target system that it validates the password against.

In this section: