Providing Authentication for your Services

This chapter describes how the Virtual Traffic Manager can authenticate users remotely against external services.

Overview

When a user connects to a service provided through the Virtual Traffic Manager, their credentials can be validated against the records held at a remote service rather than on the Virtual Traffic Manager itself.

The Virtual Traffic Manager supports a number of common mechanisms to provide authentication and authorization of user requests:

•Using TrafficScript rules to query remote LDAP authentication services

•Using SAML (Security Assertion Markup Language) to perform authentication handshakes with a third-party identity provider

•Configuring the Virtual Traffic Manager for KCD (Kerberos Constrained Delegation)

Some mechanisms might be license key controlled. See your support provider for details.

This chapter discusses support for TrafficScript-based authorization and SAML authentication. For a complete description of the Virtual Traffic Manager’s support for KCD, see instead Kerberos Constrained Delegation Support.