Enabling authentication methods via Front-end configuration
An authentication method must be enabled to make it available to users. By default, password authentication and security question authentication are enabled. You can enable or disable methods by configuring the Front-end.
Alternatively, you can enable more complex authentication methods by configuring authentication chains.
To enable authentication methods via Front-end configuration:
Click Modules > Front-end (PSF).
Select the appropriate choice from the PSF EXT drop-down list:
Password authentication
Users can only authenticate using a password.
Security questions
Users can only authenticate using security questions.
User-selectable
Allow users to select from authentication methods listed in PSFEXT VALUES or custom authentication chains.
Enable authentication methods by including the names of programs or scripts in the PSFEXT VALUES field.
The field accepts a comma-delimited list, which can include:
password.pss– password authenticationresponse.pss– security questions
Click Update.
Adding options to the authentication menu
When more than one authentication method is enabled, the Front-end displays a menu of available authentication methods to users after they have been identified.
When password or security question authentication is enabled in PSFEXT VALUES, the option is automatically included in the menu.
If you enable a custom authentication method by including it in PSFEXT VALUES, you must edit the Bravura Security Fabric skin files to include the option in the authentication menu. See Adding to the authentication menu to learn how to do this.
Alternatively, you can add a custom authentication method to an authentication chain and make that available in the default authentication chain.
Click below to view a demonstration of an authentication chain being altered. In this example, a product administrator corrects an undesirable authentication chain to one using unique authentication methods. Currently, users are prompted with a choice of password or security questions as a first authentication factor, and then required to use security questions again as a second factor. This authentication chain is not best practice, as each method should be unique. Therefore, the product administrator removes the selectable security-questions option for the first authentication factor. As a result, the user is only prompted to provide password authentication as the first factor, followed by security questions as the second factor.
Specifying authentication methods within URLs
Once enabled, you can direct users to a preferred method of authentication by specifying it in the Bravura Security Fabric URL, rather than providing a menu.
You can direct a user to:
A built-in authentication module, such as password authentication
An external authentication method
An authentication chain
For example:
The specified user is directed to a page to verify their password:
https://<server>/<instance>/?LANG=en-us&USERID=<user>&PSF_EXT=password.pssThe specified user is directed to a page to enter responses to their security questions:
https://<server>/<instance>/?LANG=en-us&USERID=<user>&PSF_EXT=response.pssThe specified user is directed to the first page of the specified authentication chain:
https://<server>/<instance>/?LANG=en-us&USERID=<user>&PSF_EXT=<authchain>Where:
<server>is the Bravura Security Fabric server<instance>is the name of the Bravura Security Fabric instance<user>is the user for whom you are creating the URL<authchain>is the name of the authentication chain to which you are directing them.
Generally, organizations set up a customized intranet page with links to Bravura Security Fabric so that users do not have to type the URL.
Users can only select custom authentication methods if the method is enabled. Methods that are not enabled do not appear in the authentication menu and cannot be passed in the URL.