The sole purpose of using an Anonymous server is to provide restriction-less access to the end user, which directly presents the user with the back end resources, without prompting the user for any authentication credentials. However, end users may be restricted via a realm/role level authentication policy, which is based on source IP/certificate/ browser/ Host Checker.
The Anonymous server feature provides anonymous authentication mechanism for resources on the PCS device, which do not require extreme security and is used to allow users to access the PCS device without providing a username or password. Instead, when a user types the URL of a sign-in page, which is configured to authenticate against an anonymous server, the PCS device bypasses the standard sign-in page and immediately displays the welcome page to the user. So, anonymous authentication server is used when access is provided to the device, without the requirement of credentials.
When given a choice between realms configured with authentication servers, which would present users with the sign-in page that require credentials, and realms configured with anonymous server, which would directly bypass the sign-in page and allow access without requesting authentication, an error message is generated; which is expected behavior.Anonymous Server Restrictions
When defining and monitoring an anonymous server instance, Please note that:
- You can only add one anonymous server configuration.
- You cannot authenticate administrators by using an anonymous server.
- During configuration, you must select the anonymous server as both the authentication server and the directory/attribute server in the Users > User Realms > General tab.
- When creating role mapping rules via the Users > User Realms > Role Mapping tab, the SA device does not allow you to create mapping rules that apply to specific users (such as Joe), as the anonymous server does not collect username information. You can create role mapping rules that are only based on a default username (*), certificate attributes, or custom expressions.
- For security reasons, you may want to limit the number of users who sign in via an anonymous server at any given time. To do this, use the option on the Users > User Realms > [Realm] > Authentication Policy > Limits tab (where [Realm] is the realm that is configured to use the anonymous server to authenticate users).
- You cannot view and delete the sessions of anonymous users via the Users tab (as you can with other authentication servers), as the PCS device cannot display individual session data, without collecting usernames.