The standard authentication module is based on JAAS and supports form-based authentication (authoring and delivery) and HTTP basic authentication (delivery only). Users and encrypted passwords are stored in the content repository. Optionally authentication against and synchronization with an LDAP server can be configured.
The authentication module is extensible or replaceable through JAAS or our Spring Security Integration plugin.
Two-factor authentication is supported out-of-the-box through integration with Duo Security.
Single Sign-On (SSO)
Single sign-on (SSO) scenarios are supported using a reverse proxy which redirects browser clients to a central Enterprise SSO server for authentication. After authentication, the client is provided a valid security token and is redirected to the originally requested page.
HTTPS support is seamless in both the authoring environment and the delivery tier: no configuration at the application level is needed.