Authentication is the first step in determining whether a user is allowed to access a resource protected by Access Manager. The Access Manager Authentication service verifies that a user really is the person he claims to be. Authentication service consists of the following components: plug-in modules, a framework for connecting plug-in modules, a core authentication component, a web service interface, and client APIs. Authentication Service interacts with the Authentication database to validate user credentials, and interacts with Identity Repository Management plug-ins to retrieve user profile attributes. When Authentication Service determines that a user’s credentials are genuine, a valid user session token is issued, and the user is said to be authenticated.