| Sun ONE Identity Server 6.1 Administration Guide |
Chapter 26
SecurID Authentication AttributesThe SecurID Authentication Attributes are organization attributes. The values applied to them under Service Configuration become the default values for the SecurID Authentication template. The service template needs to be created after registering the service for the organization. The default values can be changed after registration by the organization’s administrator. Organization attributes are not inherited by entries in the subtrees of the organization.
This service allows for authenticating users using RSA’s ACE/Server authentication server. The SecurID Authentication attributes are:
SecurID ACE/Server Configuration Path
This field specifies the directory in which the SecurID ACE/Server sdconf.rec file is located. The default is as follows:
/opt/ace/data
If a different directory is specified in this field, the directory must exist before attempting SecurID authentication.
SecurID Helper Configuration Port
This attribute specifies the port on which the SecurID helper 'listens' upon startup for the configuration information contained in the SecurID Helper Authentication Port attribute. The default is 58943.
If this attribute is changed, you must also change the securidHelper.ports entry in the AMConfig.properties file, and restart Identity Server. The entry in the AMConfig.properties file is a space-separated list of the ports for the instances of SecurID helpers. For each organization that communicates with a different ACE/Server (which has a different sdconf.rec file), there must be a separate SecurID helper.
SecurID Helper Authentication Port
This attribute specifies the port that the organization’s SecurID authentication module will configure its SecurID helper instance to 'listen' for authentication requests. This port number must be unique across all organizations using SecurID or Unix authentication. The default port is 57943.
Authentication Level
The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.
Note
If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Auth Level. See "Default Auth Level" for details.
