15.3.1.2. Configuring routers

Routers are simple conditional rules (that is, if-then expressions) that determine which instance has to be used to authenticate a particular connection. They consist of a condition and a corresponding instance: if the parameter of the connection matches the set condition, then the authentication is performed with the set instance. The condition consists of a variable and a pattern: the condition is true if the variable of the connection is equal to the specified pattern. Routers can be configured in the Routers section of the Authentication Server ZMC component. They are evaluated sequentially: if the incoming connection matches a router, authentication is performed according to the instance specified in the router, otherwise the next router is evaluated. For configuring a new router only the condition has to be specified and the backend instance selected. The exact procedure is as follows:

  1. Navigate to the Authentication Server ZMC component, and click New in the Routers section of the tab.

    Defining new routers

    Figure 15.12. Defining new routers

  2. Select the instance that will authenticate the connections matching this router from the Target instance combobox.

    Configuring a new router

    Figure 15.13. Configuring a new router

  3. Click on New, and define a condition for the router. Select the variable to be used from the Variable combobox, and enter the search term to the Value field. If the Variable of the inspected connection matches Value, the instance specified in Target instance will authenticate the connection.

    Currently the following variables can be used to create conditions: Client IP, Client zone, Service, and User.

    Defining conditions

    Figure 15.14. Defining conditions

    Note

    A router can contain multiple conditions. In this case all specified conditions must be true to select the target instance. (that is, the conditions are connected with logical AND operations.)

    Using multiple conditions in a router

    Figure 15.15. Using multiple conditions in a router