This section describes what authentication is and the methods for login and authentication.
Authentication means that users identify themselves to gain access to the system. Users can identify themselves immediately upon entry to the system or they can be challenged by the system when they try to access a protected resource before identifying themselves. The user ID/password combination is the most common method of identifying a user to the system.
You can have simultaneous, multiple logins using the same user ID and password, but these may result in a non-reliable behavior depending on the client or authentication method; therefore, IBM® Lotus® Quickr™ for WebSphere Portal does not support simultaneous, multiple logins.
After a user has been authenticated, the system can determine if that user is authorized to access the resources that are requested. See Authorization for more information on accessing resources.
Lotus Quickr allows the following methods for login and authentication:
Form based authentication:
By default Lotus Quickr uses the Custom Form-based Authentication mechanism of IBM WebSphere® Application Server to prompt users for identity. Users type their user ID and password in the login portlet or the login screen.SSL client certificate authentication:
Alternately you can configure authentication via certificates that are stored in the browser or a SmartCard via Secure Sockets Layer (SSL) client certificate authentication. In this case the authentication is done for the users when they access protected area. Third party authentication:
You can also configure your system for third-party authentication, for example, through an external security manager such as IBM Tivoli® Access Manager for e-business. With this method the system trusts that the authentication was done by the third-party product.
Parent topic: Security considerations: qp85