The Authentication framework includes two pluggable and customizable services: General Authentication Service, and Authentication Configuration Service.
The general authentication service is used for server-related attribute configuration. Some of the attributes described in this service are default attributes for all Access Manager authentication modules.
You must register the general authentication service as a service to a realm before a user can use authentication modules to log in. The general authentication service enables the Access Manager administrator to define default values for a realm's authentication parameters. These values can be used if no overriding value is defined in the specified authentication module. The default values for the General Authentication Service are defined in the amAuth.xml file and stored in the Access Manager information tree after installation.
The Authentication Configuration Service describes all the dynamic attributes for service-based authentication. This service is used for roles. When you assign a service to a role, you can also assign other attributes such as a success URL or an authentication post-processing class to the role.