About
An authentication method (also called a construct or protocol) validates the identity of a user (i.e. it validates who you are).
The method is implemented by an (identity|authentication) provider.
Method
Username / Password
In the traditional client-server authentication model, the third-party application requests an access-restricted resource (protected resource) on the server by authenticating with the server using the resource owner's credentials (generally a username/password). The resource owner therefore shares its credentials with the third-party app.
Protocol Name | Cleartext | HTTPS |
---|---|---|
HTML form-based | Yes | Mandatory |
HTTP Basic Authentication | Yes | Mandatory |
HTTP Digest Access Authentication | No | Optional |
The cleartext protocols should be used together with HTTPS to encrypt the credentials in transit.
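The difference behind the Cleartext column, as an added example that is not part of the original page: the Basic header is reversible base64, while the Digest header carries only a hash computed from the password. The function names are illustrative and the credentials are the sample values from RFC 2617.

```python
import base64
import hashlib


def basic_header(username, password):
    """Authorization value for HTTP Basic: base64 of 'user:password'."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_header(value):
    """Recover (username, password); base64 is an encoding, not encryption."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, sep, password = base64.b64decode(token).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("malformed Basic credentials")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 'response' value for qop=auth with the MD5 algorithm."""
    ha1 = _md5(f"{user}:{realm}:{password}")  # secret part, never sent
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_header(user, realm, password, method, uri, nonce, nc, cnonce):
    """Authorization value for HTTP Digest; the password itself is absent."""
    resp = digest_response(user, realm, password, method, uri, nonce, nc, cnonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


if __name__ == "__main__":
    # Sample credentials taken from the RFC 2617 examples.
    basic = basic_header("Aladdin", "open sesame")
    print(basic, "->", decode_basic_header(basic))
    print(digest_header("Mufasa", "testrealm@host.com", "Circle Of Life", "GET",
                        "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                        "00000001", "0a4f113b"))
```

The Digest header never contains the password, but its response is an MD5 hash over the password and values visible in the same exchange, so a captured header can still be checked against guessed passwords offline. Running Digest over HTTPS removes that exposure.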
Identity assertion
Identity assertion authentication uses as credentials:
- signed certificates (another name for Public key authentication)
- SPNEGO authentication, employed for example by Microsoft IIS configured for Integrated Windows Authentication (IWA)
- Secure Remote Password protocol (preferably within the HTTPS / TLS layer). However, this is not implemented by any mainstream browser.
- or security tokens (SAML, JWS, …)
Strong
Strong authentication is generally based on identity assertion.