"How do we authenticate?"

A lot of posibilities

adAS allows the user to authenticate by providing several kinds of credentials such as username and password, the spanish electronic National ID, digital certificates configured in your browser, Kerberos, etc.

Authentication Methods

adAS provides the users with two kinds of authentication:

LOCAL AUTHENTICATION It occurs in the own organization, using the information provided by the user. Ther are different posibilites:

  • User/password: giving the posibility to penalize or block users or IPs in case of wrong authentication.
  • Digital certificate : being posible to do it through spanish electronic National ID or FNMT, among others.
  • HTTP Authentication: delegating the authentication to a server, usually for authenticated users through Kerberos.

DELEGATED AUTHENTICATION It allows the user to identify itself in an external organization, controlling the access in adAS.

At the moment there are plugins that allow to conect with another identity federations that meet the Single Sign-On standards (CONFÍA, SIR, STORK, etc.) and with social networks, as Facebook.

This kind of delegated authentication could be configured for each resource independently, defining authentication models based on the level of assurance that we need for each one of them.