Authentication, authorization, and auditing application traffic

Creating an authentication profile

An authentication profile contains authentication settings to be bound to a server. It is used for the following purpose:

  • An authentication profile specifies the authentication virtual server, the authentication host, the authentication domain, and an authentication level.
  • You can create one or more authentication profiles to specify different authentication settings and bind these authentication profiles to relevant traffic management servers based on your requirements.
  • When you want the same authentication settings to be used by multiple traffic management virtual servers, these servers can be bound to the same authentication profile.

To configure an authentication profile by using the CLI

  • Create the authentication profile and set the required parameters.

    For example, to create a profile with an authentication virtual server named “authVS”.

    ns-cli-prompt> add authentication authnProfile authProfile1 -authnVsName authVS -authenticationHost authnVS.example.com -authenticationDomain example.com -authenticationLevel

Note:

The authentication weight or level will depend on the virtual server to which the traffic is bound. A session that is created by authenticating against a traffic management virtual server at a given level cannot be used to access a traffic management virtual server at a higher level.

  • Bind the authentication profile to the relevant traffic management virtual servers.

    For example, to bind authProfile1 to a load balancing virtual server named “vserver1”.

    ns-cli-prompt> set lb vserver vserver1 -authnProfile authProfile1

To configure an authentication profile by using the GUI

In the Configuration tab, navigate to Security > AAA - Application Traffic > Authentication Profile, and configure the authentication profile as required.

Creating an authentication profile