Sun logo      Previous      Contents      Index      Next     

Sun ONE Identity Server 6.1 Administration Guide

Chapter 17  
Anonymous Authentication Attributes

The Anonymous Authentication attributes are organization attributes. The values applied to them under Service Configuration become the default values for the Anonymous Authentication template. The service template needs to be created after registering the service for the organization. The default values can be changed after registration by the organization’s administrator. Organization attributes are not inherited by entries in the subtrees of the organization. The Anonymous Authentication attributes are:

Valid Anonymous User List

This field contains a list of user IDs that have permission to login without providing credentials. If a user’s login name matches a user ID in this list, access is granted and the session is assigned to the specified user ID.

If this list is empty, accessing the following default module login URL will be authenticated as the Default Anonymous User Name:

protocol://server_host.server_domain:server_port/server_deploy_uri/UI/Logi n?module=Anonymous&org=org_name

If this list is not empty, accessing Default module login URL (same as above) will prompt the user to enter any valid Anonymous user name

If this list is not empty, the user can log in without seeing the login page by accessing the following URL:

protocol://server_host.server_domain:server_port/server_deploy_uri/UI/Logi n?module=Anonymous&org=org_name&IDToken1=<valid Anonymous username>

Case Sensitive User Name

If enabled, this option allows for case-sensitivity for user IDs. By default, this attribute is not enabled.

Default Anonymous User Name

This field defines the user ID that a session is assigned to if Valid Anonymous User List is empty and the following Default module login URL is accessed:

protocol://server_host.server_domain:server_port/server_deploy_uri/UI/Logi n?module=Anonymous&org=org_name

The default value is anonymous. An Anonymous user must also be created in the organization.


If Valid Anonymous User List is not empty, you can login without accessing the login page by using the user defined in Default Anonymous User Name. This can be done by accessing the following URL:

protocol://server_host.server_domain:server_port/server_deplo y_uri/UI/Login?module=Anonymous&org=org_name&IDToken1=<Defaul tAnonymous User Name>

Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.


If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Auth Level. See "Default Auth Level" for details.

Previous      Contents      Index      Next     

Copyright 2003 Sun Microsystems, Inc. All rights reserved.