Remote Authentication
AppResponse 11 can use RADIUS and TACACS+ authentication servers in addition to local password user authentication (the default), or can use SAML 2.0 authentication instead of the other types. Once authenticated, a remote user can be assigned a role (authorized) either by the authentication server or identity provider, or by a default role configured in AppResponse 11. If authentication and authorization succeed, the appliance logs the user in. If either authentication or authorization fail, the appliance displays an error message and records an unsuccessful login attempt in the audit logs.
When using remote authorization:
◼ You can configure a maximum of two RADIUS and two TACACS+ remote servers.
◼ You can specify a sequence of authentication types with prioritized servers in each type. For example, you could specify RADIUS, TACACS+, and Local as the sequence to be used when authenticating users. Place each authentication server in the order you want requests to be processed. However, if you enable SAML 2.0 authentication, RADIUS, TACACS+, and local authentication all will be disabled, and only the SAML identity provider will authenticate users.
◼ Command accounting is not supported.
Passwords are encrypted using a RADIUS or TACACS+ shared secret when a request is sent to an authentication server. These keys are not stored in an encrypted format by AppResponse 11.
This section covers: