Sun Java System Access Manager 6 2005Q1 Administration Guide 

Chapter 29  
SafeWord Authentication Attributes

The SafeWord Authentication Attributes are organization attributes. The values applied to them under Service Configuration become the default values for the SafeWord Authentication template. The service template needs to be created after registering the service for the organization. The default values can be changed after registration by the organization’s administrator. Organization attributes are not inherited by entries in the subtrees of the organization.

This service allows for authenticating users using Secure Computing’s SafeWord or SafeWord PremierAccess authentication servers. The SafeWord Authentication attributes are:

SafeWord Server

This field specifies the SafeWord or SafeWord PremierAccess server name and port. Port 7482 is set as the default for a SafeWord server. The default port number for a SafeWord PremierAccess server is 5030.

SafeWord Server Verification Files Directory

This field specifies the directory into which the SafeWord client library places its verification files. The default is as follows:

/var/opt/SUNWam/auth/safeword/serverVerification

If a different directory is specified in this field, the directory must exist before attempting SafeWord authentication.

SafeWord Logging Enable

If selected, this attribute enables SafeWord logging. By default, SafeWord logging is enabled.

SafeWord Logging Level

This field specifies the SafeWord logging level. Select a level in the pulldown menu. The levels are DEBUG, ERROR, INFO and NONE.

SafeWord Log File

This attribute specifies the directory path and log file name for SafeWord client logging. The default path is as follows:

/var/opt/SUNWam/auth/safeword/safe.log

If a different path or filename is specified, it must exist before attempting SafeWord authentication.

If more than one organization is configured for SafeWord authentication, and different SafeWord servers are used, then different paths must be specified, or only the first organization where SafeWord authentication occurs will work. Likewise, if an organization changes SafeWord servers, the swec.dat file in the specified directory must be deleted before authentications to the newly configured SafeWord server will work.

SafeWord Authentication Connection Timeout

This attribute defines the timeout period (in seconds) between the SafeWord client (Access Manager) and the SafeWord server. The default is 120 seconds.

SafeWord Client Type

This attribute defines the Client Type that the SafeWord server uses to communicate with different clients, such as Mobile Client, VPN, Fixed Password, Challenge/Response, etc.

SafeWord eassp Version

This attribute specifies the Extended Authentication and Single Sign-on Protocol (EASSP) version. This field accepts either the standard (101) or premier access (201) protocol versions.

Minimum SafeWord Authenticator Strength

This attribute defines the minimum authenticator strength for the client/SafeWord server authentication. Each client type has a different authenticator value, and the higher the value, the higher the authenticator strength. 20 is the highest value possible. 0 is the lowest value possible.

Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.


Note

If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Auth Level. See “Default Authentication Level” on page 306 for details.
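The constraints described above (paths that must exist beforehand, separate paths for organizations that use different SafeWord servers, and the allowed EASSP version and authenticator strength values) can be checked before SafeWord authentication is enabled. The following is an added example, not part of the Access Manager product or this guide; the dictionary keys, host names and the `check_safeword_orgs` function are hypothetical, and applying the separate-paths rule to both the verification directory and the log file is an assumption.

```python
import os
import tempfile
from collections import defaultdict

def check_safeword_orgs(orgs):
    """Return a list of (org, problem) tuples for the given org settings."""
    findings = []
    servers_by_path = defaultdict(set)  # path -> SafeWord servers using it
    for o in orgs:
        name = o["org"]
        # The verification directory and the log file must exist beforehand.
        if not os.path.isdir(o["verification_dir"]):
            findings.append((name, "verification directory missing"))
        if not os.path.isfile(o["log_file"]):
            findings.append((name, "log file missing"))
        if o["eassp_version"] not in (101, 201):
            findings.append((name, "EASSP version must be 101 or 201"))
        if not 0 <= o["min_strength"] <= 20:
            findings.append((name, "authenticator strength outside 0-20"))
        for key in ("verification_dir", "log_file"):
            servers_by_path[os.path.normpath(o[key])].add(o["server"])
    # Organizations on different SafeWord servers need different paths.
    for o in orgs:
        for key in ("verification_dir", "log_file"):
            if len(servers_by_path[os.path.normpath(o[key])]) > 1:
                findings.append((o["org"], key + " shared across different servers"))
    return findings

def demo():
    """Run the check on constructed sample settings in a temp directory."""
    root = tempfile.mkdtemp()
    shared = os.path.join(root, "serverVerification")
    os.mkdir(shared)
    log_a = os.path.join(root, "safe.log")
    open(log_a, "w").close()
    orgs = [  # constructed sample values, not from a real deployment
        {"org": "orgA", "server": "sw1.example.com:7482", "verification_dir": shared,
         "log_file": log_a, "eassp_version": 101, "min_strength": 10},
        {"org": "orgB", "server": "sw2.example.com:5030", "verification_dir": shared,
         "log_file": os.path.join(root, "orgB.log"), "eassp_version": 201, "min_strength": 25},
    ]
    return check_safeword_orgs(orgs)

if __name__ == "__main__":
    for org, problem in demo():
        print(org, "-", problem)
```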




Part No: 817-7647-11.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.