TIdSASLExternal.StartAuthenticate Method

Builds the the client response using values for the External SASL authentication mechanism.

Pascal

function StartAuthenticate(
    const AChallenge: String
): String; override;

Parameters

Parameters	Description
AChallenge	Server challenge for the SASL authentication exchange.

Returns

string - Client response to the server challenge.

Description

StartAuthenticate is an overridden String function used to build the client response to the SASL serve challenge in AChallenge.

StartAuthenticate uses the values in AuthenticationIdentity to build the the client response for the PLAIN SASL authentication mechanism.

In the External SASL authentication mechanism, the client sends an initial response to a server challenge with the authorization identity. The server uses information, external to SASL, to determine whether the client is authorized to authenticate as the authorization identity. If the client is so authorized, the server indicates successful completion of the authentication exchange; otherwise the server indicates failure.

The system providing this external information may be, for example, IPsec or TLS.

If the client sends an empty string as the authorization identity (thus requesting the authorization identity be derived from the client's authentication credentials), the authorization identity is to be derived from authentication credentials which exist in the system which is providing the external authentication.