Sun Java System Federation Manager 7.0 User's Guide


This module allows for users to authenticate using Secure Computing's SafeWord or SafeWord PremierAccess authentication servers. The attributes are:


Specifies the SafeWord or SafeWord PremiereAccess server name and port. Port 7482 is set as the default for a SafeWord server. The default port number for a SafeWord PremierAccess server is 5030.

Server Verification Files Directory

Specifies the directory into which the SafeWord client library places its verification files. The default is as follows:


If a different directory is specified in this field, the directory must exist before attempting SafeWord authentication.

Logging Enable

Enables SafeWord logging. By default, SafeWord logging is enabled.

Logging Level

Select the SafeWord logging level from the drop-down menu. The levels are:

Log File

Specifies the directory path and log file name for SafeWord client logging. If a path or filename different from the default is specified, it must exist before attempting SafeWord authentication. If more than one organization is configured for SafeWord authentication, and different SafeWord servers are used, different paths must be specified or only the first organization where SafeWord authentication occurs will work.

Authentication Connection Timeout

Defines the timeout period (in seconds) between the SafeWord client and the SafeWord server. The default is 120 seconds.

Client Type

Defines the Client Type that the SafeWord server uses to communicate with different clients, such as Mobile Client, VPN, Fixed Password, Challenge/Response, and so forth.

EASSP Version

This attribute specifies the Extended Authentication and Single Sign-on Protocol (EASSP) version. This field accepts either the standard (101) or premier access (201) protocol versions.

Minimum Authenticator Strength

Defines the minimum authenticator strength for the client/SafeWord server authentication. Each client type has a different authenticator value, and the higher the value, the higher the authenticator strength. 20 is the highest value possible. 0 is the lowest value possible.

Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication mechanism. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.

Note –

If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Authentication Level.