test

Oracle OpenSSO 8.0 Update 2 Release Notes

Procedure To Configure a WSSAuth Authentication Module Instance

  1. In the OpenSSO console, go to the Access Control tab > RealmName > Authentication subtab.

  2. In the Module Instances section, click name of the WSSAuth authentication module instance you want to configure.

  3. Provide values for the WSSAuth Authentication Module Instance Realm attributes.

    The following table provides a listing and descriptions of the attributes you can configure.

    User search attribute

    Specify a user attribute that to be used to search for a user. Examples: uid, cn

    User realm

    Specify the realm the user belongs to. For OpenSSO STS it is always root realm, indicated by a forward slash / .

    User password attribute

    Specify a password attribute (password equivalent) for the user. The default could be userpassword, it could as well be empoyeenumber or mail.

    Authentication Level

    Specify a value that indicates how much to trust an authentication mechanism. The default value is 0.

    The authentication level is set separately for each method of authentication. Once a user has authenticated, this value is stored in the SSOToken for the session. When the SSOToken is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access.

    If the authentication level stored in an SSOToken does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level.

    0 is a low value. For example, if the user accesses the URL protocol://openssoServer:port/opensso/UI/Loin?authlevel=0, a selection menu is displayed containing all authentication module instances with an authentication level of 0 or greater, or all authentication module instances. Similarly if the user accesses the URL protocol://openssoServer:port/opensso/UI/Loin?authlevel=50, a selection menu is displayed containing authentication module instances with an authentication level of 50 or greater. Or if only one authentication module instance meets that constraint, a login screen for that authentication module instance is displayed.

    If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Authentication Level.