Oracle OpenSSO 8.0 Update 2 Release Notes

Adding an OAMAuth Authentication Module

The Oracle authentication module enables OpenSSO to authenticate, through single sign-on, an administrator who has previously authenticated to Oracle Access Manager. The administrator does not have to provide credentials to OpenSSO.

To Add a New Oracle Authentication Module Instance

  1. In the OpenSSO console, go to the Access Control tab > RealmName > Authentication subtab.
  2. In the Module Instances section, click New.
  3. In the Name field, type a name for this Oracle authentication module instance.
  4. For Type, choose OAMAuth.
  5. Click OK.
  6. Configure the OAMAuth authentication module instance.

To Configure an Oracle Authentication Module Instance

  1. In the OpenSSO console, go to the Access Control tab > RealmName > Authentication subtab.
  2. In the Module Instances section, click the name of the OAMAuth authentication module instance you want to configure.
  3. Provide values for the Oracle Authentication Module Instance Realm attributes.

    The following table provides a listing and descriptions of the attributes you can configure.

    Remote User HeaderName

    Specify the name of the REMOTE USER HEADER that is set by the Oracle Access Manager. Example: OAM_REMOTE_USER

    Allowed user values

    The Current Values list displays users who are allowed to access the OpenSSO STS administration console.

    • To add a user to the list, in the New Value field type a username, and then click Add.

    • To remove an entry from the Current Values list, select the entry and then click Remove.

    Authentication level

    Specify a value that indicates how much to trust an authentication mechanism. The default value is 0.

    The authentication level is set separately for each method of authentication. Once a user has authenticated, this value is stored in the SSOToken for the session. When the SSOToken is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access.

    If the authentication level stored in an SSOToken does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level.

    0 is a low value. For example, if the user accesses the URL protocol://openssoServer:port/opensso/UI/Login?authlevel=0, a selection menu is displayed containing all authentication module instances with an authentication level of 0 or greater, in other words, all authentication module instances. Similarly, if the user accesses the URL protocol://openssoServer:port/opensso/UI/Login?authlevel=50, a selection menu is displayed containing authentication module instances with an authentication level of 50 or greater. If only one authentication module instance meets that constraint, a login screen for that authentication module instance is displayed instead.

    If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Authentication Level.
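
The following Python sketch is an added example, not code from OpenSSO or from these release notes. It models the three checks described above: accepting a user from the remote user header only when the user is in the allowed list, choosing which module instances a Login?authlevel=N request offers, and the application-side comparison of the session's authentication level. The configuration values, instance names, levels, host and port are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlencode

# Constructed sample configuration; keys mirror the attributes described above.
OAM_MODULE = {"header": "OAM_REMOTE_USER", "allowed": {"stsadmin"}, "auth_level": 50}
# Constructed module instances (name -> authentication level) for one realm.
INSTANCES = {"DataStore": 0, "OAMAuth1": 50, "Cert": 50, "HOTP": 80}
# Placeholder scheme, host and port; only the path and parameter come from the page.
LOGIN_URL = "https://openssoServer:8443/opensso/UI/Login"


def oam_authenticate(headers, module=OAM_MODULE):
    """Return (user, auth_level), or None when the request must be rejected.

    Fails closed: a missing header, an empty value, or a user that is not in
    the allowed list never produces a session. Assumes `headers` is a dict
    keyed by the exact configured header name.
    """
    user = (headers.get(module["header"]) or "").strip()
    if not user or user not in module["allowed"]:
        return None
    return user, module["auth_level"]


def login_choices(authlevel, instances=INSTANCES):
    """Model of Login?authlevel=N: offer instances at level N or greater.

    One match shows that instance's login screen; several show a menu.
    The "none" result for zero matches is an assumption of this sketch.
    """
    names = sorted(n for n, lvl in instances.items() if lvl >= authlevel)
    if not names:
        return "none", names
    return ("login", names) if len(names) == 1 else ("menu", names)


def authorize(session_level, required_level):
    """Application-side check of the level stored in the session token."""
    if session_level >= required_level:
        return "grant", None
    # Level too low: send the user to authenticate again at the required level.
    return "reauthenticate", LOGIN_URL + "?" + urlencode({"authlevel": required_level})
```
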