Secure remote password authentication
The Secure Remote Password (SRP) protocol is an industry-standard nondisclosing authentication protocol (also characterized as a zero-knowledge protocol). This type of protocol enables a client-tier user to prove to an Authentication Service that he or she has knowledge of a password without ever revealing that password to the middle-tier service. Nondisclosing authentication protocols protect against man-in-the-middle attacks, allowing password-based mutual authentication of a client and server.
For SRP, the TrueSight Server Automation Authentication Service authenticates client-tier users against a registry of authorized users. In TrueSight Server Automation, that registry is a user table in the central Application Server database. Information in the user table is derived from the RBAC utility in the TrueSight Server Automation Console.
After successfully authenticating the SRP user, the Authentication Service issues the client a session credential. At that point a TrueSight Server Automation client application can use the session credential to establish an authenticated secure session with the Application Service or Network Shell Proxy Service identified by the service URLs in the session credential.