Distauth: Authentication Process for SecureWeb

In this section

• Introduction
• Authentication
• Form-based Documentation
• Authentication Process
• Security Evaluation
• AFS
• Classlists

Authentication Process for SecureWeb

1. A browser requests protected resource on a secured application server.
2. The secured application server redirects to SecureWeb because the requester's browser has no cookie.
3. The browser authenticates with SecureWeb. SecureWeb presents a dialog box asking for userID and password. The browser respons by giving SecureWeb the userID and password.
4. SecureWeb completes a proxy Kerberos authentication.
5. SecureWeb writes a flag file and a TGT file to AFS.
6. SecureWeb sets a cookie for the browser.
7. SecureWeb redirects back to the secured application server.
8. The browswer requesets access to the proected resource again but this time with a cookie.
9. The secured application server validates the cookie againts information in AFS.