Adding a WSSAuth Authentication Module
The Web Service Security authentication module enables OpenSSO to validate a UserName with a digest password received as an authentication token and contained in a service request from the web service client to a web service provider.
The following table provides a listing and descriptions of the attributes you can configure.
Specify a user attribute to be used to search for a user. Examples: uid, cn
Specify the realm the user belongs to. For OpenSSO STS it is always the root realm, indicated by a forward slash (/).
Specify a password attribute (password equivalent) for the user. The default could be userpassword; it could as well be employeenumber or mail.
Specify a value that indicates how much to trust an authentication mechanism. The default value is 0.
The authentication level is set separately for each method of authentication. Once a user has authenticated, this value is stored in the SSOToken for the session. When the SSOToken is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access.
If the authentication level stored in an SSOToken does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level.
0 is a low value. For example, if the user accesses the URL protocol://openssoServer:port/opensso/UI/Login?authlevel=0, a selection menu is displayed containing all authentication module instances with an authentication level of 0 or greater, that is, all authentication module instances. Similarly, if the user accesses the URL protocol://openssoServer:port/opensso/UI/Login?authlevel=50, a selection menu is displayed containing authentication module instances with an authentication level of 50 or greater. If only one authentication module instance meets that constraint, a login screen for that authentication module instance is displayed instead.
If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Authentication Level.
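The digest validation described at the top of this section, as an added example that is not OpenSSO code: it follows the OASIS WS-Security UsernameToken Profile formula and shows why the configured password attribute has to hold a readable password equivalent rather than a one-way hash. The freshness window, nonce cache, sample directory entry and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)  # assumed freshness window, not an OpenSSO setting

def password_digest(nonce_b64, created, secret):
    """Base64(SHA-1(nonce || created || secret)), as in the WSS UsernameToken Profile."""
    raw = base64.b64decode(nonce_b64) + created.encode() + secret.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def validate_token(token, directory, search_attr, password_attr, seen_nonces, now):
    """Return 'ok' or the reason the UsernameToken is rejected."""
    # Find the user by the configured search attribute (for example uid or cn).
    entry = next((e for e in directory if e.get(search_attr) == token["username"]), None)
    if entry is None or password_attr not in entry:
        return "unknown-user"
    try:
        created = datetime.strptime(token["created"], "%Y-%m-%dT%H:%M:%SZ")
        # The server recomputes the digest from the stored value, so that value
        # must be readable as-is (a password equivalent), not a one-way hash.
        expected = password_digest(token["nonce"], token["created"], entry[password_attr])
    except ValueError:  # bad timestamp or bad base64 nonce
        return "malformed"
    if abs(now - created.replace(tzinfo=timezone.utc)) > MAX_AGE:
        return "stale"
    if token["nonce"] in seen_nonces:
        return "replayed"
    if not hmac.compare_digest(expected.encode(), token["digest"].encode()):
        return "bad-digest"
    seen_nonces.add(token["nonce"])  # remember the nonce only after success
    return "ok"

# Constructed sample data: one directory entry and a helper that builds a client token.
DIRECTORY = [{"uid": "wsc-demo", "employeenumber": "E-48213",
              "userpassword": "{SSHA}constructed-hash-value"}]
NOW = datetime(2010, 6, 1, 12, 0, 30, tzinfo=timezone.utc)

def make_token(secret, created="2010-06-01T12:00:00Z", nonce=b"constructed-nonce"):
    nonce_b64 = base64.b64encode(nonce).decode()
    return {"username": "wsc-demo", "nonce": nonce_b64, "created": created,
            "digest": password_digest(nonce_b64, created, secret)}

if __name__ == "__main__":
    seen = set()
    tok = make_token("E-48213")
    print(validate_token(tok, DIRECTORY, "uid", "employeenumber", seen, NOW))
    print(validate_token(tok, DIRECTORY, "uid", "employeenumber", seen, NOW))
```

A token whose digest the client computed from the real password fails with bad-digest when the server-side attribute holds only a hashed value, which is the case the password attribute setting exists to avoid.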