Sun Java System Access Manager 7.1 Technical Overview

Authentication Modules

An authentication module is a plug-in that collects user information such as a user ID and password, and compares the information against entries in a database. If a user provides information that meets the authentication criteria, the user is granted access to the requested resource. If the user provides information that does not meet the authentication criteria, the user is denied access to the requested resource. Access Manager is installed with a number of authentication modules. The following table provides a brief description of them.

Table 3–1 Access Manager Authentication Module Types

Active Directory
    Uses an Active Directory operation to associate a user ID and password with a particular Active Directory entry. You can define multiple Active Directory authentication configurations for a realm. Allows both LDAP and Active Directory to coexist under the same realm.

Anonymous
    Enables a user to log in without specifying credentials. You can create an Anonymous user so that anyone can log in as Anonymous without having to provide a password. Anonymous connections are usually customized by the Access Manager administrator so that Anonymous users have limited access to the server.

Certificate
    Enables a user to log in through a personal digital certificate (PDC). The user is granted or denied access to a resource based on whether or not the certificate is valid. The module can optionally require the use of the Online Certificate Status Protocol (OCSP) to determine the state of a certificate.

Data Store
    Enables authentication against one or more configuration data stores within a realm.

HTTP Basic
    Enables authentication to occur with no data encryption. Credentials are validated internally using the LDAP authentication module.

Java Database Connectivity (JDBC)
    Enables authentication through any Structured Query Language (SQL) database that provides a JDBC-enabled driver. The SQL database connects either directly through a JDBC driver or through a JNDI connection pool.

LDAP
    Enables authentication using LDAP bind, a Directory Server operation which associates a user ID and password with a particular LDAP entry. You can define multiple LDAP authentication configurations for a realm.

Membership
    Enables a user to self-register. The user creates an account, personalizes it, and accesses it as a registered user without the help of an administrator. Implemented similarly to personalized sites such as my.site.com, or mysun.sun.com.

MSISDN
    The Mobile Station Integrated Services Digital Network (MSISDN) authentication module enables authentication using a mobile subscriber ISDN associated with a device such as a cellular telephone. It is a non-interactive module. The module retrieves the subscriber ISDN and validates it against the user repository to find a user that matches the number.

RADIUS
    Uses an external Remote Authentication Dial-In User Service (RADIUS) server to verify identities.

Security Assertion Markup Language (SAML)
    Receives and validates SAML assertions on a target server by using either a web artifact or a POST response.

SafeWord®
    Uses Secure Computing’s SafeWord PremierAccess™ server software and SafeWord tokens to verify identities.

SecurID™
    Uses RSA ACE/Server software and RSA SecurID authenticators to verify identities.

UNIX®
    Solaris and Linux modules use a user’s UNIX identification and password to verify identities.

Windows Desktop Single Sign-On (SSO)
    Allows a user who has already authenticated with a key distribution center to be authenticated with Access Manager without having to provide the login information again. Leverages Kerberos authentication and is specific to the Windows operating system.

Windows NT
    Uses a Microsoft Windows NT™ server to verify identities.

You can use the Access Manager Console to enable and configure the authentication modules that are installed with Access Manager by default. You can also create and configure multiple instances of a particular authentication module. (An authentication module instance is a child entity that extends the schema of a parent authentication module and adds its own subschema.) Finally, you can write your own custom authentication module (or plug-in) to connect to the Access Manager authentication framework. See Chapter 4, Managing Authentication, in Sun Java System Access Manager 7.1 Administration Guide for detailed information about enabling and configuring default authentication modules and authentication module instances. See Chapter 2, Using Authentication APIs and SPIs, in Sun Java System Access Manager 7.1 Developer’s Guide for more information about writing custom authentication modules.
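The following is an added example of what a custom authentication module plugged into the Access Manager authentication framework looks like; it is not code from the Sun documentation or the product. It assumes the `com.sun.identity.authentication.spi.AMLoginModule` SPI described in the Developer's Guide (with `init`, `process` and `getPrincipal`), the `ISAuthConstants.LOGIN_START` and `LOGIN_SUCCEED` state values, and that the module's callback definition supplies one `NameCallback` and one `PasswordCallback` in the first state. The class name `SampleTableLoginModule`, the `SamplePrincipal` class and the user table are constructed for illustration.

```java
// Added example: a minimal custom authentication module for Access Manager.
// Assumes the AMLoginModule SPI from the Developer's Guide; the credential
// table below is constructed for illustration only.
package com.example.auth;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;

import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.util.ISAuthConstants;

public class SampleTableLoginModule extends AMLoginModule {

    /** Principal handed back to the framework once authentication succeeds. */
    public static final class SamplePrincipal implements Principal {
        private final String name;
        SamplePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof SamplePrincipal && name.equals(((SamplePrincipal) o).name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return "SamplePrincipal(" + name + ")"; }
    }

    // Constructed test credentials. A real module would consult a directory,
    // database, RADIUS server or token service here, never a hard-coded table.
    private static final Map<String, String> USERS;
    static {
        Map<String, String> m = new HashMap<>();
        m.put("alice", "correct horse battery staple");
        USERS = Collections.unmodifiableMap(m);
    }

    private String validatedUser;

    /** Called by the framework before the first process() call for a login attempt. */
    @Override
    public void init(Subject subject, Map sharedState, Map options) {
        validatedUser = null;
    }

    /**
     * Called once per state with the callbacks the user has filled in.
     * Returns LOGIN_SUCCEED (or the next state); throws on failure.
     */
    @Override
    public int process(Callback[] callbacks, int state) throws LoginException {
        if (state != ISAuthConstants.LOGIN_START) {
            throw new AuthLoginException("unexpected state " + state);
        }
        String user = null;
        char[] password = null;
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                user = ((NameCallback) cb).getName();
            } else if (cb instanceof PasswordCallback) {
                password = ((PasswordCallback) cb).getPassword();
            }
        }
        if (user == null || password == null || password.length == 0) {
            throw new AuthLoginException("user ID and password are required");
        }
        String expected = USERS.get(user);
        // Compare without short-circuiting on the first differing byte, so a failed
        // attempt does not leak through timing how much of the password matched.
        byte[] supplied = new String(password).getBytes(StandardCharsets.UTF_8);
        byte[] stored = (expected == null ? "" : expected).getBytes(StandardCharsets.UTF_8);
        boolean ok = expected != null && MessageDigest.isEqual(supplied, stored);
        Arrays.fill(password, '\0');   // do not keep the cleartext around
        if (!ok) {
            // One message for unknown user and wrong password: no account enumeration.
            throw new AuthLoginException("authentication failed");
        }
        validatedUser = user;
        return ISAuthConstants.LOGIN_SUCCEED;
    }

    /** Called by the framework after LOGIN_SUCCEED to obtain the authenticated identity. */
    @Override
    public Principal getPrincipal() {
        return validatedUser == null ? null : new SamplePrincipal(validatedUser);
    }
}
```

The module is registered with the framework through its callback XML and service configuration as described in the Developer's Guide; the point of the example is the shape of the plug-in contract: `init` resets per-attempt state, `process` consumes the callbacks for one state and either advances or fails with an `AuthLoginException`, and `getPrincipal` is the only way the framework learns who was authenticated, so it must return null until the check has actually passed.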