Chapter 13       SafeWord Authentication Attributes


The SafeWord Authentication Attributes are organization attributes. The values applied to them under Service Management become the default values for the SafeWord Authentication template. A template is created for each organization when the organization registers for a service. The default values can be changed after registration by the organization's administrator. Organization attributes are not inherited by entries in the subtrees of the organization. The SafeWord Authentication attributes are:

• SafeWord Server Specification

• SafeWord System Name

• SafeWord Server Verification Files Path

• SafeWord Logging Level

• SafeWord Log Path

• SafeWord Module Authentication Level

SafeWord Server Specification

---

This field specifies the SafeWord server name and port. Port 7482 is set as the default.

SafeWord System Name

---

This field specifies the system name configured in the SafeWord server. The default system name is STANDARD.

SafeWord Server Verification Files Path

---

This field specifies the directory into which the SafeWord client library places its verification files. The default is as follows:

/var/opt/SUNWam/auth/safeword/serverVerification

If a different directory is specified in this field, the directory must exist before attempting SafeWord authentication.

SafeWord Logging Level

---

This attribute specifies the logging level for the SafeWord client. The default is 0.

SafeWord Log Path

---

This attribute specifies the directory path and log file name for SafeWord client logging. The default path is as follows:

/var/opt/SUNWam/auth/safeword/safe.log

If a different path or filename is specified, they must exist before attempting SafeWord authentication.

SafeWord Module Authentication Level

---

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. (The value in this attribute is not specifically used by DSAME but by any external application that may chose to use it.) If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0, the lowest authentication level.

---

Note	If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Auth Level. See "Default Auth Level" for details.

---