Membership

The Membership Authentication module is implemented for personalized sites that allow a user to self-register. This means the user can create an account, personalize it, and access it as a registered user without the help of an administrator. The attributes are realm attributes. The attributes are:

• Minimum Password Length

• Default User Roles

• User Status After Registration

• Authentication Level

Minimum Password Length

Specifies the minimum number of characters required for a password set during self-registration. The default value is 8.

Default User Roles

Specifies the roles assigned to new users whose profiles are created through self-registration. There is no default value. The administrator must specify the DNs of the roles that will be assigned to the new user.

The role specified must be under the realm for which authentication is being configured. Only the roles that can be assigned to the user will be added during self-registration. All other DNs will be ignored. The role can be either an OpenSSO Enterprise role or an LDAP role, but filtered roles are not accepted.

User Status After Registration

Specifies whether services are immediately made available to a user who has self-registered. The default value is Active and services are available to the new user. By selecting Inactive, the administrator chooses to make no services available to a new user.

Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication mechanism. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.

If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Authentication Level.