Digest Authentication Scheme (baja-DigestAuthenticationScheme)

This component is a container for properties that configure the DigestScheme. This authentication scheme uses SCRAM-SHA256 (Salted Challenge Response Authentication Mechanism). It is one of the default schemes, and the component is located in the baja palette. When the DigestScheme is used, the password is never sent across the network; instead, the client sends proof that it knows the password.
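To make the "proof, not password" property concrete, here is an added Python sketch of a SCRAM-SHA-256 exchange (RFC 5802 / RFC 7677) written for this page. It is not Niagara's or Tridium's code; the salt, iteration count, nonce lengths and user name are constructed values, because the page does not state Niagara's actual parameters or wire format. It shows what each side stores and sends, and why a captured exchange or a copied verifier record does not yield the password.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Added illustration of SCRAM-SHA-256 (RFC 5802 / RFC 7677). This is not
# Niagara's implementation; message framing follows the RFC, and the salt,
# iteration count and nonce sizes below are constructed assumptions.

CONSTRUCTED_SALT = b"constructed-salt-16B"   # a real server draws this at random
CONSTRUCTED_ITERATIONS = 4096                 # RFC 7677 minimum


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _parse(msg: str) -> Dict[str, str]:
    # SCRAM attributes are "k=value" pairs separated by commas; base64 values
    # may contain "=", so split each pair on the first "=" only.
    return dict(part.split("=", 1) for part in msg.split(","))


def enroll(password: str, salt: bytes, iterations: int) -> Dict[str, object]:
    """Server-side enrollment: derive and keep only verifier material.
    StoredKey lets the server check proofs; ServerKey lets it prove itself.
    The password and SaltedPassword are discarded."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": _h(_hmac(salted, b"Client Key")),
        "server_key": _hmac(salted, b"Server Key"),
    }


def client_first(username: str, client_nonce: str) -> str:
    # client-first-message-bare (the "n,," GS2 header is omitted here)
    return f"n={username},r={client_nonce}"


def server_first(record: Dict[str, object], client_nonce: str, server_nonce: str) -> str:
    salt_b64 = base64.b64encode(record["salt"]).decode()
    return f"r={client_nonce}{server_nonce},s={salt_b64},i={record['iterations']}"


def client_final(password: str, cf_bare: str, sf: str) -> Tuple[str, bytes]:
    """Client side: derive the proof from the password and both nonces.
    Returns (client-final-message, expected ServerSignature)."""
    params = _parse(sf)
    if not params["r"].startswith(_parse(cf_bare)["r"]):
        raise ValueError("server nonce does not extend our nonce")
    salt = base64.b64decode(params["s"])
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(params["i"]))
    client_key = _hmac(salted, b"Client Key")
    without_proof = f"c=biws,r={params['r']}"   # "biws" = base64("n,,"), no channel binding
    auth_message = f"{cf_bare},{sf},{without_proof}".encode("utf-8")
    client_sig = _hmac(_h(client_key), auth_message)
    proof = _xor(client_key, client_sig)          # only this, never the password, is sent
    expected_server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return f"{without_proof},p={base64.b64encode(proof).decode()}", expected_server_sig


def server_verify(record: Dict[str, object], cf_bare: str, sf: str, cfinal: str) -> Optional[str]:
    """Server side: recover ClientKey from the proof and check it against StoredKey.
    Returns the server-final message on success, None on failure."""
    params = _parse(cfinal)
    if params["r"] != _parse(sf)["r"]:
        return None                                # nonce mismatch: stale or replayed message
    without_proof = cfinal.rsplit(",p=", 1)[0]
    auth_message = f"{cf_bare},{sf},{without_proof}".encode("utf-8")
    client_sig = _hmac(record["stored_key"], auth_message)
    client_key = _xor(base64.b64decode(params["p"]), client_sig)
    if not hmac.compare_digest(_h(client_key), record["stored_key"]):
        return None
    return "v=" + base64.b64encode(_hmac(record["server_key"], auth_message)).decode()


def run_exchange(record: Dict[str, object], username: str, password: str) -> bool:
    """Drive a full exchange between an in-memory client and server."""
    cnonce = base64.b64encode(os.urandom(18)).decode()
    snonce = base64.b64encode(os.urandom(18)).decode()
    cf = client_first(username, cnonce)
    sf = server_first(record, cnonce, snonce)
    cfinal, expected_sig = client_final(password, cf, sf)
    sfinal = server_verify(record, cf, sf, cfinal)
    if sfinal is None:
        return False
    # Mutual authentication: the client checks that the server knew ServerKey.
    return hmac.compare_digest(base64.b64decode(sfinal[2:]), expected_sig)


if __name__ == "__main__":
    stored = enroll("correct horse battery", CONSTRUCTED_SALT, CONSTRUCTED_ITERATIONS)
    print("right password:", run_exchange(stored, "alice", "correct horse battery"))
    print("wrong password:", run_exchange(stored, "alice", "wrong"))
```

Two things worth noticing when reading the exchange: the server record holds only StoredKey and ServerKey, so someone who copies the station's credential store still has to brute-force the PBKDF2 derivation to recover a password, and the proof on the wire is an HMAC over both nonces, so a captured client-final message cannot be replayed against a fresh server nonce. This is also why the scheme ranks lower in security when used without TLS (see the ranking table further down): SCRAM protects the password itself, but not the confidentiality of the session that follows.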

When a supervisor has a SAMLIdPService installed in the Services container, every authentication scheme gains a Mixin, the SAML Authentication Scheme Rank Mixin (without the SAMLIdPService, neither the Mixin nor the authentication scheme rank appears). The Mixin has two frozen properties, With TLS and Without TLS, which give the authentication schemes a numerical ranking relative to one another. A lower number indicates a better security ranking.

Figure 1. DigestScheme properties

To access, expand Config > Services > AuthenticationService. Select AuthenticationSchemes, right-click and choose the Property Sheet view.

Property | Value | Description
Global Password Configuration | additional properties | Configures password requirements for a particular authentication scheme.

”Global Password Configuration (baja-GlobalPasswordConfiguration)” documents the additional properties.

SAML Authentication Scheme Rank | additional properties | Represents the Mixin, for specifying authentication scheme ranking.
SAML Authentication Scheme Rank – With Tls and Without Tls | additional properties | Represents the rank and AuthnContextClassRef of the scheme when used over With Tls and Without Tls:
  • Is TLS Required: Indicates whether the rank applies to the scheme used over TLS or not.

  • Authn Context Class Ref: The SAML Authn Context Class Ref corresponding to this authentication type. For core Niagara authentication schemes, the property is read-only. For third-party authentication schemes, the property defaults to unspecified; when editing it, take the values from the SAML specification.

  • Rank: Indicates a relative numerical ranking, where a lower number indicates a better security level ranking than a higher number. For core Niagara authentication schemes, a default rank is set but it can be changed. For third-party authentication schemes, the default rank is 5 and can also be changed.

    The default ranking for core Niagara authentication schemes is:
    • 1: Google Authentication Scheme (TLS, no TLS)

    • 2: Kerberos (TLS, no TLS)

    • 3: SSL/TLS Certificate, Digest (TLS), AX Digest (TLS)

    • 4: Digest (no TLS), AX Digest (no TLS), LDAP (TLS)

    • 5: LDAP (no TLS)