Sun Java System Access Manager 7.1 Administration Reference


This module allows for authentication using RSA ACE/Server software and RSA SecurID authenticators. the SecurID authentication module is not available for the Linux or Solaris x86 platforms and this should not be registered, configured, or enabled on these two platforms. It is only available for Solaris. The SecurID authentication attributes are realm attributes. The attributes are:

ACE/Server Configuration Path

Specifies the directory in which the SecurID ACE/Server sdconf.rec file is located, by default in /opt/ace/data If you specify a different directory in this field, the directory must exist before attempting SecurID authentication.

Helper Configuration Port

Specifies the port on which the SecurID helper 'listens' upon startup for the configuration information contained in the SecurID Helper Authentication Port attribute. The default is 58943.

If this attribute is changed, you must also change the securidHelper.ports entry in the file, and restart Access Manager. The entry in the file is a space-separated list of the ports for the instances of SecurID helpers. For each realm that communicates with a different ACE/Server (which has a different sdconf.rec file), there must be a separate SecurID helper.

Helper Authentication Port

Specifies the port that the realm's SecurID authentication module will configure its SecurID helper instance to 'listen' for authentication requests. This port number must be unique across all realms using SecurID or UNIX authentication. The default port is 57943.

Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication mechanism. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.

Note –

If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Authentication Level.