Providing Authentication for your Services

This chapter describes how the Traffic Manager can authenticate users remotely against external services.

Overview

When a user connects to a service provided through the Traffic Manager, their credentials can be validated against the records held at a remote service rather than on the Traffic Manager itself.

The Traffic Manager supports a number of common mechanisms to provide authentication and authorization of user requests:

•Using TrafficScript rules to query remote LDAP authentication services

•Using SAML (Security Assertion Markup Language) to perform authentication handshakes with a third-party identity provider

•Configuring the Traffic Manager for KCD (Kerberos Constrained Delegation)

Some mechanisms might be license key controlled. See your support provider for details.

This chapter discusses support for TrafficScript-based authorization and SAML authentication. For a complete description of the Traffic Manager’s support for KCD, see instead Kerberos Constrained Delegation Support.