Instant messaging authentication ensures that users of your network cannot access the web through an instant messaging service if they are not authenticated. The authentication process looks up user information and asks unauthenticated users to authenticate.
The following elements are involved in this process:
- Authentication rules that control the process
- The Authentication module, which retrieves information about users from different databases
An authentication rule can use an event to log information on the authentication of users who requested access to the web.
In this case, a logging module is also involved in the process.
Instant messaging authentication is not implemented by default on the appliance, but you can import the IM Authentication rule set from the library.
This rule set contains a rule that looks up user information to see whether users who request web access are already authenticated. The method used for looking up the information is the User Database method.
Unauthenticated users for whom no information can be found in the user database are asked to submit their credentials for authentication.
Another rule looks up information using the Authentication Server method to see whether users are authenticated and asks unauthenticated users for their credentials.
The Authentication module is called by these rules to retrieve the user information from the appropriate databases.
You can review the rules in the library rule set, modify or delete them, and also create your own rules.
The Authentication module (also known as the engine) retrieves the information that is needed to authenticate users from internal and external databases. The module is called by the authentication rules.
The different methods of retrieving user information are specified in the module settings. Accordingly, two different settings appear in the rules of the library rule set for instant messaging communication:
- User Database at IM Authentication Server
- Authentication Server IM
These settings are implemented with the rule set when it is imported from the library.
You can configure these settings, for example, to specify the server that user information is retrieved from under the Authentication Server method.
The library rule set for instant messaging authentication includes a rule that logs authentication-related data, such as the user name of a user who requested web access, or the URL of the requested web object.
The logging is handled by the FileSystemLogging module, for which you can also configure settings.