Authentication Modules

Active Directory

Uses an Active Directory operation to associate a user identifier and password with a particular Active Directory entry. You can define multiple Active Directory authentication configurations for a realm. Allows both LDAP and Active Directory to coexist under the same realm. 

Anonymous 

Enables a user to log in without specifying credentials. You can create an Anonymous user so that anyone can log in as Anonymous without having to provide a password. Anonymous connections are usually customized by the OpenSSO Enterprise administrator so that Anonymous users have limited access to the server. 

Certificate 

Enables a user to log in through a personal digital certificate (PDC). The user is granted or denied access to a resource based on whether or not the certificate is valid. The module can optionally require the use of the Online Certificate Status Protocol (OCSP) to determine the state of a certificate. 

Data Store 

Enables authentication against one or more configuration data stores within a realm. 

Federation 

Used by the service provider during federation (using SAML v1.x, SAML v2, WS-Federation, Liberty ID-FF) to create a session after validating the assertion. This authentication module can not be invoked like the other modules as it is invoked directly by the SAMLAwareServlet.

HTTP Basic 

Enables authentication to occur with no data encryption. Credentials are validated internally using either the LDAP or Data Store authentication module. 

Java Database Connectivity (JDBC)

Enables authentication through any Structured Query Language (SQL) databases that provide JDBC-enabled drivers. The SQL database connects either directly through a JDBC driver or through a JNDI connection pool. 

LDAP 

Enables authentication using LDAP bind, a directory server operation which associates a user identifier and password with a particular LDAP entry. You can define multiple LDAP authentication configurations for a realm. 

Membership 

Enables user to self-register a user entry. The user creates an account, personalizes it, and accesses it as a registered user without the help of an administrator. Implemented similarly to personalized sites such as my.site.comor mysun.sun.com.

MSISDN 

The Mobile Station Integrated Services Digital Network (MSISDN) authentication module enables authentication using a mobile subscriber ISDN associated with a device such as a cellular telephone. It is a non-interactive module. The module retrieves the subscriber ISDN and validates it against the user repository to find a user that matches the number. 

RADIUS 

Uses an external Remote Authentication Dial-In User Service (RADIUS) server to verify identities. 

Security Assertion Markup Language (SAML) 

Receives and validates SAML assertions on a target server by using either a web artifact or a POST response. 

SafeWord®

Uses Secure Computing’s SafeWord PremierAccess^TM server software and SafeWord tokens to verify identities.

SecurID^TM

Uses RSA ACE/Server software and RSA SecurID authenticators to verify identities. 

UNIX®

Solaris and Linux modules use a user’s UNIX identification and password to verify identities. 

Windows Desktop Single Sign-On (SSO) 

Allows a user who has already authenticated with a key distribution center to be authenticated by OpenSSO Enterprise without having to provide the login information again. Leverages Kerberos authentication and is supported wherever Kerberos is supported (including Windows, Solaris, Linux, and Macintosh). 

Windows NT 

Uses a Microsoft Windows NT^TM server to verify identities.