Manual Chapter : About authentication items

Applies To:

Show Versions Show Versions


  • 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

About authentication items

Authentication items perform authentication or authentication-related functions, such as:
  • Verify credentials (or a PIN or a token)
  • Inspect SSL certificates
  • Check SSL certificate revocation status
  • Verify the result of passwordless authentication
  • Perform accounting, and so on.
An authentication item usually follows a logon item or another authentication item in an access policy. An access policy can contain any number of authentication items.
An administrator that configures authentication items can make these choices:
  • Specify an AAA server (or pool in cases where high availability is supported) against which to authenticate. Access Policy Manager (APM) supports many types of AAA servers.
  • Inspect the SSL certificate presented during the initial SSL handshake, or specify on-demand certificate authentication (to re-negotiate the SSL connection). On-demand authentication is not supported in every type of access configuration.
  • Select a Certificate Revocation Location (CRL) or Online Certificate Status Protocol (OCSP) responder for verifying revocation status.
Other configuration objects must be created before configuring an authentication item or before a particular type of authentication is fully configured and working.