
Sun ONE Identity Server 6.1 Administration Guide

Contents

Audience for This Guide
Identity Server 6.1 Documentation Set
Identity Server Core Documentation
Identity Server Policy Agent Documentation Set
Your Feedback on the Documentation
Documentation Conventions Used in This Guide
Typographic Conventions
Terminology
Related Information

Part 1 Identity Server Console Guide

Chapter 1   Product Overview
Sun ONE Identity Server
Features of Identity Server
Service Configuration
Policy Management
SAML
Federation Management
Authentication
Single Sign-On
Policy Agents
Identity Management
The Identity Server Console
Header Frame
Navigation Frame
Data Frame

Chapter 2   Identity Management
The Identity Management Interface
Identity Management View
User Profile View
Managing Identity Server Objects
Properties Function
Organizations
Add an Organization to a Policy
Groups
Add a Group to a Policy
Users
Add a User to a Policy
Services
Roles
Add a Role to a Policy
Customize a Service to a Role
Policies
Containers
People Containers
Group Containers

Chapter 3   Service Configuration
Definition of a Service
Identity Server Services
Administration Service
Authentication Service
Anonymous
Certificate-based
Core
HTTP Basic
LDAP
Membership (Self-Registration)
NT
RADIUS
SafeWord
SecurID
Unix
Authentication Configuration Service
Client Detection Service
Globalization Settings Service
Logging Service
Naming Service
Password Reset Service
Platform Service
Policy Configuration Service
SAML Service
Session Service
User Service
Attribute Types
Dynamic Attributes
User Attributes
Organization Attributes
Global Attributes
Policy Attributes
Service Configuration Interface

Chapter 4   Current Sessions
The Current Sessions Interface
Session Management Frame
Session Information Window
Terminating a Session

Chapter 5   Federation Management
Overview of Authentication Domains and Providers
Authentication Domains
Creating An Authentication Domain
Modifying An Authentication Domain
Deleting An Authentication Domain
Providers
Creating Remote Providers
Modifying Remote Providers
Creating Hosted Providers
Modifying Hosted Providers
Deleting Providers

Chapter 6   Policy Management
Policy Types
Normal Policy
Referral Policy
Policy Management
Registering Policy Configuration Services
Creating Policies
Modifying Policies
Modify a Normal Policy
Modify a Referral Policy
Creating Policies for Peer and Suborganizations

Chapter 7   Authentication Options
Core Authentication
Registering and Enabling the Core Service
Anonymous Authentication
Registering and Enabling Anonymous Authentication
Logging In Using Anonymous Authentication
Certificate-based Authentication
Registering and Enabling Certificate-based Authentication
Adding a Platform Server List for Certificate-based Authentication
Logging In Using Certificate-based Authentication
HTTP Basic Authentication
Registering and Enabling HTTP Basic Authentication
Logging In Using HTTP Basic Authentication
LDAP Directory Authentication
Registering and Enabling LDAP Authentication
Logging In Using LDAP Authentication
Enabling LDAP Authentication Failover
Multiple LDAP Configuration
Membership Authentication
Registering and Enabling Membership Authentication
Logging In Using Membership Authentication
NT Authentication
Registering and Enabling NT Authentication
Logging In Using NT Authentication
RADIUS Server Authentication
Registering and Enabling RADIUS Authentication
Logging In Using RADIUS Authentication
SafeWord Authentication
Registering and Enabling SafeWord Authentication
Logging In Using SafeWord Authentication
Configuring SafeWord with Sun ONE Application Server
SecurID Authentication
Registering and Enabling SecurID Authentication
Logging In Using SecurID Authentication
Unix Authentication
Registering and Enabling Unix Authentication
Logging In Using Unix Authentication
Authentication Configuration
Authentication Configuration User Interface
Authentication Configuration for Organizations
Authentication Configuration for Roles
Authentication Configuration for Services
Authentication Configuration for Users
Authentication By Authentication Level
Authentication By Module
URL Redirection

Chapter 8   Password Reset Service
Registering the Password Reset Service
Configuring the Password Reset Service
Password Reset Lockout
Memory Lockout
Physical Lockout
Password Reset for End Users
Customizing Password Reset
Resetting Forgotten Passwords
Password Policies

Part 2 Command Line Reference Guide

Chapter 9   The amadmin Command Line Tool
The amadmin Command Line Executable
The amadmin Syntax
amadmin Options
Creating Policies with amadmin

Chapter 10   The amserver Command Line Tool
The amserver Command Line Executable
amserver Syntax
amserver Commands for Solaris
amserver Commands for Windows 2000
Using amserver for Multi-Server Installer Administration (Web Server Instances only)
TO BE ADDED FOR 6.2!!!!!!!!!

Chapter 11   The am2bak Command Line Tool
The am2bak Command Line Executable
The am2bak Syntax
am2bak Options
Backup Procedure

Chapter 12   The bak2am Command Line Tool
The bak2am Command Line Executable
The bak2am Syntax
bak2am Options

Chapter 13   The ampassword Command Line Tool
The ampassword Command Line Executable
The ampassword Syntax
ampassword Options
Running ampassword on SSL

Chapter 14   The VerifyArchive Command Line Tool
The VerifyArchive Command Line Executable
VerifyArchive Syntax
VerifyArchive Options

Chapter 15   The amsecuridd Helper
The amsecuridd Helper Command Line Executable
amsecuridd Syntax
amsecuridd Options
Running the amsecuridd helper
Required Libraries

Part 3 Attribute Reference Guide

Chapter 16   Administration Service Attributes
Global Attributes
Enable Federation Management
Enable User Management
Show People Containers
Display Containers In Menu
Show Group Containers
Managed Group Type
Default Role Permissions (ACIs)
No Permissions
Organization Admin
Organization Help Desk Admin
Organization Policy Admin
Domain Component Tree Enabled
Admin Groups Enabled
Compliance User Deletion Enabled
Dynamic Admin Roles ACIs
Container Help Desk Admin
Organization Help Desk Admin
Container Admin
Organization Policy Admin
People Container Admin
Group Admin
Top-level Admin
Organization Admin
User Profile Service Classes
DC Node Attribute List
Search Filters for Deleted Objects
Organization Attributes
Groups Default People Container
Groups People Container List
User Profile Display Class
Display User's Roles
Display User's Groups
User Group Self Subscription
User Profile Display Options
User Creation Default Roles
View Menu Entries
Maximum Results Returned From Search
Timeout For Search (sec.)
JSP Directory Name
Online Help Documents
Required Services
User Search Key
User Search Return Attribute
User Creation Notification List
User Deletion Notification List
User Modification Notification List
Maximum Entries Per Page
Display Options
Event Listener Classes
Pre and Post Processing Classes
External Attributes Fetch Enabled

Chapter 17   Anonymous Authentication Attributes
Valid Anonymous User List
Case Sensitive User Name
Default Anonymous User Name
Authentication Level

Chapter 18   Certificate Authentication Attributes
Match Certificate in LDAP
Attribute In Subject DN To Use To Search LDAP
Match Certificate to CRL
Attribute In Issuer DN To Use To Search CRL
Enable OCSP Validation
LDAP Server and Port
LDAP Start Search DN
LDAP Server Principal User
LDAP Server Principal Password
LDAP Attribute for Profile ID
SSL On For LDAP Access
Field in Cert To Use To Access User Profile
Other Field In Cert To Use To Access User Profile
Trusted Remote Hosts
SSL Port Number
Authentication Level

Chapter 19   Core Authentication Attributes
Global Attributes
Pluggable Auth Module Classes
Supported Auth Modules for Clients
LDAP Connection Pool Size
LDAP Connection Default Pool Size
Organization Attributes
Organization Authentication Modules
User Profile
Admin Authenticator
User Profile Dynamic Creation Default Roles
Persistent Cookie Mode
Persistent Cookie Max Time (seconds)
People Container For All Users
Alias Search Attribute Name
User Naming Attribute
Default Auth Locale
Organization Authentication Configuration
Login Failure Lockout Mode
Login Failure Lockout Count
Login Failure Lockout Interval (minutes)
Email Address to Send Lockout Notification
Warn User After N Failure
Login Failure Lockout Duration (minutes)
Lockout Attribute Name
Lockout Attribute Value
Default Success Login URL
Default Failure Login URL
Authentication PostProcessing Class
User Name Generator Mode
Pluggable User Name Generator Class
Default Auth Level

Chapter 20   HTTP Basic Authentication Attributes
Authentication Level

Chapter 21   LDAP Authentication Attributes
Primary LDAP Server and Port
Secondary LDAP Server and Port
DN to Start User Search
DN for Root User bind
Password for Root User Bind
Password For Root User Bind (Confirm)
User Naming Attribute
User Entry Search Attributes
User Search Filter
Search Scope
Enable SSL to LDAP Server
Return User DN To Auth
LDAP Server Check Interval
User Creation Attributes List
Authentication Level

Chapter 22   Membership Authentication Attributes
Minimum Password Length
Default User Roles
User Status After Registration
Primary LDAP Server and Port
Secondary LDAP Server and Port
DN to Start User Search
DN for Root User bind
Password for Root User Bind
Password for Root User Bind (Confirm)
User Naming Attribute
User Entry Search Attributes
User Search Filter
Search Scope
Enable SSL to LDAP Server
Return User DN To Auth
Authentication Level

Chapter 23   NT Authentication Attributes
NT Authentication Domain
NT Authentication Host
Authentication Level

Chapter 24   RADIUS Authentication Attributes
RADIUS Server 1
RADIUS Server 2
RADIUS Shared Secret
RADIUS Shared Secret (Confirm)
RADIUS Server’s Port
Timeout (Seconds)
Authentication Level

Chapter 25   SafeWord Authentication Attributes
SafeWord Server Specification
SafeWord System Name
SafeWord Server Verification Files Path
SafeWord Logging Level
SafeWord Log Path
Authentication Level

Chapter 26   SecurID Authentication Attributes
SecurID ACE/Server Configuration Path
SecurID Helper Configuration Port
SecurID Helper Authentication Port
Authentication Level

Chapter 27   Unix Authentication Attributes
Global Attributes
Unix Helper Configuration Port
Unix Helper Authentication Port
Unix Helper Timeout (Minutes)
Unix Helper Threads
Organization Attribute
Authentication Level

Chapter 28   Authentication Configuration Service Attributes
Authentication Configuration
Login Success URL
Login Failure URL
Authentication Post Processing Class
Conflict Resolution Level

Chapter 29   Client Detection Service Attributes
Client Types
Client Manager
Default Client Type
Client Detection Class
Client Detection Enabled

Chapter 30   Globalization Setting Service Attributes
Charsets Supported By Each Locale
Charset Aliases
Auto Generated Common Name Format

Chapter 31   Logging Service Attributes
Max Log Size
Number of History Files
Log Location
Logging Type
Database User Name
Database User Password
Database User Password (Confirm)
Database Driver Name
Configurable Log Fields
Log Verification Time
Log Signature Time
Secure Logging
Maximum Number of Records
Number Of Files Per Archive
Buffer Size
Buffer Time
Time Buffering

Chapter 32   Naming Service Attributes
Profile Service URL
Session Service URL
Logging Service URL
Policy Service URL
Auth Service URL
SAML Web Profile/Artifact Service URL
SAML SOAP Service URL
SAML Web Profile/POST Service URL
SAML Assertion Manager Service URL
Federation Assertion Manager Service URL
Identity SDK Service URL

Chapter 33   Password Reset Service Attributes
User Validation
Secret Question
Search Filter
Base DN
Bind DN
Bind Password
Password Reset Option
Password Change Notification Option
Password Reset Enabled
Personal Question Enabled
Number of Questions
Password Reset Failure Lockout Count
Password Reset Failure Lockout Interval (minutes)
Email Address to Send Lockout Notification
Warn User After N Failure
Password Reset Failure Lockout Duration (minutes)
Password Reset Failure Lockout Mode
Password Reset Lockout Attribute Name
Password Reset Lockout Attribute Value

Chapter 34   Platform Service Attributes
Server List
Platform Locale
Cookie Domains
Login Service URL
Logout Service URL
Available Locales
Client Char Sets

Chapter 35   Policy Configuration Service Attributes
Global Attribute
Resource Comparator
Organization Attributes
LDAP Server and Port
LDAP Base DN
LDAP Users Base DN
Identity Server Roles Base DN
LDAP Bind DN
LDAP Bind Password
LDAP Bind Password (Confirm)
LDAP Org Search Filter
LDAP Org Search Scope
LDAP Groups Search Filter
LDAP Groups Search Scope
LDAP Users Search Filter
LDAP Users Search Scope
LDAP Roles Search Filter
LDAP Roles Search Scope
Identity Server Roles Search Scope
LDAP Organization Search Attribute
LDAP Groups Search Attribute
LDAP Users Search Attribute
LDAP Roles Search Attribute
Maximum Results Returned From Search
Timeout For Search (seconds)
LDAP SSL Enabled
LDAP Connection Pool Minimal Size
LDAP Connection Pool Maximum Size
Selected Policy Subjects
Selected Policy Conditions
Selected Policy Referrals
Subjects Result Time To Live
User Alias Enabled

Chapter 36   SAML Service Attributes
Site ID And Site Issuer Name
Sign Request
Sign Response
Sign Assertion
Artifact Name
Target Specifier
Artifact Timeout (seconds)
Assertion Skew Factor For notBefore Time
Assertion Timeout (seconds)
Trusted Partner Sites
POST To Target URLs

Chapter 37   Session Service Attributes
Global Attributes
Maximum Number of Search Results
Timeout For Search (Seconds)
Dynamic Attributes
Max Session Time (Minutes)
Max Idle Time (Minutes)
Max Caching Time (Minutes)

Chapter 38   User Attributes
User Service Attributes
User Preferred Language
User Preferred Timezone
Inherited Locale
Admin DN Starting View
Default User Status
User Profile Attributes
First Name
Last Name
Full Name
Password
Password (Confirm)
Email Address
Employee Number
Telephone Number
Home Address
User Status
Account Expiration Date
User Authentication Configuration
User Alias List
Preferred Locale
Success URL
Failure URL
Unique User IDs

Appendix A   Error Codes
Identity Server Console Errors
Authentication Error Codes
Policy Error Codes
amadmin Error Codes

Appendix B   Configuring Identity Server in SSL Mode
Configuring Identity Server With a Secure Sun ONE Web Server
Configuring Identity Server with a Secure Sun ONE Application Server
Setting Up Application Server With SSL
Configuring Identity Server in SSL Mode




Copyright 2003 Sun Microsystems, Inc. All rights reserved.