Sun logo      Previous      Contents      Index      Next     

Sun ONE Identity Server 6.1 Administration Guide

Chapter 26  
SecurID Authentication Attributes

The SecurID Authentication Attributes are organization attributes. The values applied to them under Service Configuration become the default values for the SecurID Authentication template. The service template needs to be created after registering the service for the organization. The default values can be changed after registration by the organization’s administrator. Organization attributes are not inherited by entries in the subtrees of the organization.

This service allows for authenticating users using RSA’s ACE/Server authentication server. The SecurID Authentication attributes are:

SecurID ACE/Server Configuration Path

This field specifies the directory in which the SecurID ACE/Server sdconf.rec file is located. The default is as follows:


If a different directory is specified in this field, the directory must exist before attempting SecurID authentication.

SecurID Helper Configuration Port

This attribute specifies the port on which the SecurID helper 'listens' upon startup for the configuration information contained in the SecurID Helper Authentication Port attribute. The default is 58943.

If this attribute is changed, you must also change the securidHelper.ports entry in the file, and restart Identity Server. The entry in the file is a space-separated list of the ports for the instances of SecurID helpers. For each organization that communicates with a different ACE/Server (which has a different sdconf.rec file), there must be a separate SecurID helper.

SecurID Helper Authentication Port

This attribute specifies the port that the organization’s SecurID authentication module will configure its SecurID helper instance to 'listen' for authentication requests. This port number must be unique across all organizations using SecurID or Unix authentication. The default port is 57943.

Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.


If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Auth Level. See "Default Auth Level" for details.

Previous      Contents      Index      Next     

Copyright 2003 Sun Microsystems, Inc. All rights reserved.