|
| |
| Sun Java System Access Manager 6 2005Q1 Administration Guide | |
Chapter 28
RADIUS Authentication AttributesThe RADIUS Authentication attributes are organization attributes. The values applied to them under Service Configuration become the default values for the RADIUS Authentication template. The service template needs to be created after registering the service for the organization. The default values can be changed after registration by the organization’s administrator. Organization attributes are not inherited by entries in the organization. The RADIUS Authentication attributes are:
RADIUS Server 1
This field displays the IP address or fully qualified host name of the primary RADIUS server. The default IP address is 127.0.0.1. The field will recognize any valid IP address or host name. Multiple entries must be prefixed by the local server name as in the following syntax:
local_servername|ip_address local_servername2|ip_adress ...
RADIUS Server 2
This field displays the IP address or fully qualified domain name (FQDN) of the secondary RADIUS server. It is a failover server which will be contacted if the primary server could not be contacted. The default IP address is 127.0.0.1. Multiple entries must be prefixed by the local server name as in the following syntax:
local_servername|ip_address local_servername2|ip_adress ...
RADIUS Shared Secret
This field carries the shared secret for RADIUS authentication. The shared secret should have the same qualifications as a well-chosen password. There is no default value for this field.
RADIUS Shared Secret (Confirm)
Confirmation of the shared secret for RADIUS authentication.
RADIUS Server’s Port
This field specifies the port on which the RADIUS server is listening. The default value is 1645.
Timeout
This field specifies the time interval in seconds to wait for the RADIUS server to respond before a timeout. The default value is 3 seconds. It will recognize any number specifying the timeout in seconds.
Authentication Level
The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.