Unknown users and the ‘alias’ option

In rule-based authentication it’s possible for Content Gateway to authenticate a user who is not recognized by User Service because the name is not in the User Service directory.

When an authenticated user name is not found by User Service, standard Filtering Service precedence is used to determine correct policy. There are several ways to address this:

  • Change the User Services configuration so that it can discover and add the names to its directory.
  • Add the unrecognized names to the primary domain. The names must match exactly. Define policies for the new names.
  • For users who match a particular authentication rule, pass an alias name and add the alias name to the primary domain. The names must match exactly. Define a policy for the alias name.
  • Do nothing, or select to use a blank (empty) alias. This causes standard Filtering Service precedence to be applied to determine the correct policy. See Enforcement order in Administrator Help for the Web module.

For some illustrative use cases, see Rule-based authentication use cases.