Sun OpenSSO Enterprise 8.0 Administration Guide

Procedure: To Modify Core Authentication Properties Globally

Before You Begin

This procedure assumes you are logged in to the OpenSSO Enterprise console as the administrator.

  1. Click the Configuration tab.

  2. Click Core under the Authentication tab.

  3. Modify the Global attributes by adding or changing the values.

    These properties contain operating values that are applied to the Authentication Service throughout the OpenSSO Enterprise deployment.

    Pluggable Authentication Module Classes

    Specifies the Java classes of the available authentication modules. Takes a text string specifying the full class name (including package) of each authentication module. After writing a custom authentication module (by implementing the OpenSSO Enterprise AMLoginModule or the Java Authentication and Authorization Service [JAAS] LoginModule service provider interfaces), the new class value must be added to this property.

    Supported Authentication Modules for Clients

    Specifies a list of authentication modules supported for a specific client. Formatted as:


    clientType | module1,module2,module3
    

    This attribute is read by the Client Detection Service when it is enabled.

    LDAP Connection Pool Size

    Specifies the minimum and maximum connection pool sizes to be used for a specific LDAP server and port. Formatted as:


    host:port:min:max
    

    This attribute is for LDAP and Membership authentication services only.

    Default LDAP Connection Pool Size

    Sets the default minimum and maximum connection pool sizes to be used with all LDAP authentication module configurations. Formatted as:


    min:max
    

    This value is superseded by a value defined for a specific host and port in the LDAP Connection Pool Size property.

    Remote Auth Security

    Requires that OpenSSO Enterprise validate the identity of the calling application; thus all remote authentication requests require the calling application's SSOToken. This allows the Authentication Service to obtain the username and password associated with the application.

    Keep Post Process Objects for Logout Processing

    Requires that the user session hold the instances of any post processing authentication classes used during the login process after authentication is complete. When the user later logs out, the onLogout() method of these instances is called. If this attribute is not enabled, the post processing instances are not preserved and new instances are created when logout is invoked.

    Keep Authentication Module Objects for Logout Processing

    Requires that the user session hold the instances of authentication modules used during the login process after authentication is complete. When the user later logs out, the destroyModuleState() method of these instances is called. If this attribute is not enabled, the authentication module instances are not preserved and no method on the authentication modules is called upon logout.

  4. Modify the top level Realm attributes by adding or changing the values.

    These realm properties (as defined globally under the Configuration tab) are specific to the top level realm. Top level realm properties can also be modified by navigating to the top level realm itself. See To Modify Core Authentication Properties By Realm for instructions and definitions of the attributes.

  5. Click Save.

  6. Click Back to Service Configuration.

  7. Log out of the OpenSSO Enterprise console.
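
Before saving the LDAP Connection Pool Size and Default LDAP Connection Pool Size values from step 3, they can be checked offline. The following is an added example, not OpenSSO Enterprise code: it parses both formats and resolves which pool applies to a given server, following the rule that a host:port entry supersedes the default. The function names, the sample values, and the sanity rules (port range, min not greater than max, no duplicate host:port entries) are assumptions of this example.

```python
# Added example: names below are hypothetical, not OpenSSO Enterprise code.
from typing import Dict, List, Tuple

Pool = Tuple[int, int]


def parse_pool(text: str) -> Pool:
    """Parse 'min:max' and reject sizes that cannot describe a pool."""
    parts = text.strip().split(":")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected min:max, got {text!r}")
    low, high = int(parts[0]), int(parts[1])
    # Assumption: a usable pool has max >= 1 and min <= max.
    if high < 1 or low > high:
        raise ValueError(f"invalid pool bounds in {text!r}")
    return low, high


def parse_host_pools(entries: List[str]) -> Dict[Tuple[str, int], Pool]:
    """Parse 'host:port:min:max' values into {(host, port): (min, max)}."""
    pools: Dict[Tuple[str, int], Pool] = {}
    for entry in entries:
        # Split from the right so the last three fields are port, min, max.
        fields = entry.strip().rsplit(":", 3)
        if len(fields) != 4 or not fields[0] or not fields[1].isdigit():
            raise ValueError(f"expected host:port:min:max, got {entry!r}")
        port = int(fields[1])
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {entry!r}")
        key = (fields[0].lower(), port)
        if key in pools:
            raise ValueError(f"duplicate entry for {fields[0]}:{port}")
        pools[key] = parse_pool(f"{fields[2]}:{fields[3]}")
    return pools


def effective_pool(host: str, port: int, host_pools, default: str) -> Pool:
    """A host:port entry supersedes the default min:max value."""
    return host_pools.get((host.lower(), port), parse_pool(default))


# Constructed sample values, not taken from a real deployment.
SAMPLE_ENTRIES = ["ldap1.example.com:389:2:20", "ldap2.example.com:636:5:50"]
SAMPLE_DEFAULT = "1:10"

if __name__ == "__main__":
    pools = parse_host_pools(SAMPLE_ENTRIES)
    for target in [("ldap1.example.com", 389), ("ldap3.example.com", 389)]:
        print(target, effective_pool(*target, pools, SAMPLE_DEFAULT))
```

A server with no host:port entry, or one listed only under a different port, falls back to the default pool.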