Chapter 22       SafeWord Authentication Attributes


The SafeWord Authentication Attributes are organization attributes. The values applied to them under Service Configuration become the default values for the SafeWord Authentication template. The service template needs to be created after registering the service for the organization. The default values can be changed after registration by the organization's administrator. Organization attributes are not inherited by entries in the subtrees of the organization.

This service allows for authenticating users using Secure Computing's SafeWord or SafeWord PremierAccess authentication servers.The SafeWord Authentication attributes are:

• SafeWord Server Specification

• SafeWord System Name

• SafeWord Server Verification Files Path

• SafeWord Logging Level

• SafeWord Log Path

• SafeWord Module Authentication Level

SafeWord Server Specification

This field specifies the SafeWord or SafeWord PremiereAccess server name and port. Port 7482 is set as the default for a SafeWord server. The default port number for a SafeWord PremierAccess server is 5030.

SafeWord System Name

This field specifies the system name configured in the SafeWord server. The default system name is STANDARD.

SafeWord Server Verification Files Path

This field specifies the directory into which the SafeWord client library places its verification files. The default is as follows:

/var/opt/SUNWam/auth/safeword/serverVerification

If a different directory is specified in this field, the directory must exist before attempting SafeWord authentication.

SafeWord Logging Level

This attribute is not used.

SafeWord Log Path

This attribute specifies the directory path and log file name for SafeWord client logging. The default path is as follows:

/var/opt/SUNWam/auth/safeword/safe.log

If a different path or filename is specified, they must exist before attempting SafeWord authentication.

If more than one organization is configured for SafeWord authentication, and different SafeWord servers are used, then different paths must be specified, or only the first organization where SafeWord authentication occurs will work. Likewise, if an organization changes SafeWord servers, the swec.dat file in the specified directory must be deleted before authentications to the newly configured SafeWord server will work.

SafeWord Module Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. (The value in this attribute is not specifically used by Identity Server but by any external application that may chose to use it.) If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0, the lowest authentication level.

---

Note	If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Auth Level. See "Default Auth Level" for details.

---