Authenticate Against Identity Provider Assertion
The Authenticate Against Identity Provider assertion authenticates the current credentials against a selected identity provider, using credentials gathered from other credential source assertions (for example, Require HTTP Basic Credentials, Require SAML Token Profile, or Require SSL or TLS Transport). It is similar to the Authenticate User or Group Assertion, except that it does not match the authenticated user against any particular user or group.
Use this assertion when you need to separate authentication and authorization, for example:
- You want to authenticate the credentials already gathered in the policy, but you don't need to authorize that the resulting user is a particular user or member of a particular group.
- The policy contains many "User" or "Group" assertions. You want to authenticate first so that if it fails, the identity assertions can be skipped, saving processing time.
- You wish to perform branching based on the results of authentication (for example, "If the authentication fails, do this; otherwise do this...")
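The separation described in the list above, sketched as an added Python model (not gateway policy syntax or product code): credentials are authenticated once, the policy branches on the result, and group checks run only for an authenticated user. The `IdentityProvider` class, the `run_policy` function, the sample users and the status strings are all hypothetical.

```python
import hashlib
import hmac
import os

def _digest(password: str, salt: bytes) -> bytes:
    # Deliberately slow hash: this is the cost that authenticating once avoids repeating.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class IdentityProvider:
    """Hypothetical in-memory stand-in for a configured identity provider."""

    def __init__(self, users):
        # users: name -> (password, set of group names); constructed sample data.
        self.verifications = 0
        self._records = {}
        for name, (password, groups) in users.items():
            salt = os.urandom(16)
            self._records[name] = (salt, _digest(password, salt), frozenset(groups))
        self._dummy = (os.urandom(16), os.urandom(32), frozenset())

    def authenticate(self, name, password):
        """Return the authenticated user, or None. No user or group matching here."""
        self.verifications += 1
        salt, stored, groups = self._records.get(name, self._dummy)
        # Unknown names are checked against a dummy record so timing stays uniform.
        ok = hmac.compare_digest(stored, _digest(password, salt))
        return {"name": name, "groups": groups} if ok and name in self._records else None

def run_policy(idp, name, password, allowed_groups):
    """Authenticate first, branch on the result, then authorize."""
    user = idp.authenticate(name, password)
    if user is None:
        # Failure branch: the identity checks below are never evaluated.
        return "401 authentication failed"
    if user["groups"] & set(allowed_groups):
        return "200 routed"
    return "403 authenticated but not authorized"

SAMPLE_USERS = {  # constructed sample data
    "alice": ("correct horse", {"partners"}),
    "bob": ("battery staple", {"interns"}),
}
```

Keeping the two steps apart lets the policy distinguish a failed login from a valid user who lacks the required group, which a combined user-or-group check reports as a single failure.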
To learn about selecting the target message for this assertion, see Select a Target Message.
To learn more about applying a tag to the identity, see Identity Tags.
Using the Assertion
1. Do one of the following:
   - To add the assertion to the Policy Development window, see Adding an Assertion.
   - To change the configuration of an existing assertion, proceed to step 2 below.
2. When adding the assertion, the Change Authentication Identity Provider dialog automatically appears; when modifying the assertion, right-click <target>: Authenticate against... in the policy window and choose Change Authentication Identity Provider, or double-click the assertion in the policy window.
3. Choose the identity provider that will be authenticated against. Only configured identity providers appear on the list.
4. Click [OK] when done.