Scheme | Description |
Anonymous | Allows unrestricted access to a server resource. Used for unprotected areas of the server that might be public facing and do not contain sensitive information. Because a user is not challenged for credentials, the anonymous authentication scheme is appropriate for login pages. |
Forms | Presents a form to an unauthenticated user and gathers the necessary credentials that are passed to the server. The forms authentication scheme is the default for all server resources because it redirects unauthenticated requests to a default login page. |
Basic | Typically passes credentials as HTTP header parameters. The user experience for basic authentication is a popup window that renders in the native windowing system. |
Kerberos | Enables single sign-on for users on Windows. My webMethods Server users, already authenticated by Windows, need not login again to access My webMethods Server. For more information, see
Configuring Kerberos Authentication. |
HTTP Header | Accepts external HTTP authentication credentials from third-party security and access control products (such as Computer Associates, Oblix, and so forth). After this authentication scheme is enabled, the server ignores all other authentication schemes. For more information, see
Configuring External Configuration
Credentials. |
NTLM | Used for authentication in various Microsoft network protocol implementations. On Windows deployments, when the NTLM authentication scheme is the default for a server, users do not need to re-authenticate for server resources if they are already logged into a Windows domain. For more information on NTLM authentication, see: |
SAML | Supports single sign-on (SSO) through the Security Assertion Markup Language (SAML). Using SAML, an application on a target computer grants access based on an assertion from the source computer. For more information about SSO, see
Configuring
My webMethods Server Single Sign-On. |
OAuth 2.0 | Allows users to login to My webMethods and access layered applications or other server resources, using credentials from a third-party identity provider. For more information, see
Configuring OAuth 2.0 Authentication. |