Click Devices > Identity Server > Edit > Local > Classes > New.
Specify a display name, then select a class from the Java class list.
The following classes are recommended only for testing purposes:
BasicClass: Uses basic HTTP authentication.
PasswordClass: Passes the user name and password over HTTP in readable text, and uses a form-based login to collect the name and password.
RadiusClass: RADIUS enables communication between remote access servers and a central server. For a production environment, use ProtectedRadiusClass.
For a production environment, select one of the following classes:
Class | Description |
---|---|
X509Class | To implement certificate-based authentication. See Mutual SSL (X.509) Authentication. |
SocialAuthClass | To implement authentication through external OAuth providers, such as Facebook, GooglePlus, LinkedIn, and Twitter. See Social Authentication. |
TOTPClass | To implement two-factor authentication. See Two-Factor Authentication Using Time-Based One-Time Password. |
Risk-based Auth Class | To assess the risk after authentication. See Risk-based Authentication. |
Risk-based Pre-Auth Class | To assess the risk before authentication. See Risk-based Authentication. |
ProtectedBasicClass | BasicClass protected by HTTPS. |
ProtectedPasswordClass | PasswordClass protected by HTTPS (form-based). |
ProtectedRadiusClass | RadiusClass protected by HTTPS. See RADIUS Authentication. |
KerberosClass | To use Kerberos for Active Directory and Identity Server authentication. See Kerberos Authentication. |
NMASAuthClass | For NMAS, which uses fingerprint and other technology as a means to authenticate a user. See Smart Card Authentication with NMAS. |
NPOrRadiusOrX509Class | To create a contract from which the user can select an authentication method: name/password, RADIUS, or X.509. See ORed Credential Class. |
PasswordFetchClass | To allow Identity Server to retrieve a user’s password when the user has used a non-password class for authentication. See Password Retrieval. |
PersistentAuthClass | For persistent logins, long authentication sessions, or remember my password functionality. See Persistent Authentication. |
IDP Select Class | To allow a user to authenticate with an external IDP and to provide an option to remember the user choice. See Configuring IDP Select Class. |
Other | For third-party authentication classes or if you have created a custom class. For information about how to create a custom class, see Access Manager Developer Resources. |
AliasUserPasswordClass | To authenticate a user against the user's alias name. This class uses the alias object of the user object and the password of the corresponding user object to authenticate. |
Advanced Authentication | To support Advanced Authentication (for example, Email OTP, FIDO U2F). See Multi-Factor Authentication Using Advanced Authentication. |
IMPORTANT: To enable the CSRF check, perform the steps mentioned in LOGIN CSRF CHECK and add the property AntiCSRFCheck=true to the class. Do not add this property to Password Class and TOTP Class.
You cannot enable the CSRF check for the Advanced Authentication class and SocialAuthClass.
Click Next to configure the properties for each class. Click New, then enter a name and value. The names and values are case-sensitive. See Specifying Common Class Properties for the properties that are used by the basic and password classes.
Click Finish.
Continue with Section 5.1.3, Configuring Authentication Methods.
To use an authentication class, the class must have one or more associated methods.