Use advanced authentication functionality
Standard user authentication in OpenWGA works with the manual input of a username and password combination that is compared to a stored password somewhere in user data.
However, OpenWGA supports other, potentially more secure or even comfortable, authentication schemes that may be usable for your user base and which you should be aware of:
- Client certificate authentication works by distributing digital certificates to your users, an individual one for every user, which these install to their internet browsers. Upon visiting the protected site the browser and server can automatically negotiate authentication and the user is logged in seamlessly. This is not only more secure, it also is more comfortable for the user as he does not need to remember and enter a password. On the downside it needs you to distribute and maintain certificates.
- Multiple single-signon techniques are available and in use with OpenWGA, including SPNEGO-based solutions for Windows domains (OpenWGA enterprise edition only) and Single-Signon with Lotus Domino websites.