The customAuthenticator element for back-end inter-service communication
Overview
The customAuthenticator element in LotusConnections-config.xml defines some key parameters in the single sign-on (SSO) solution. The configuration settings that you can specify in this XML element only affect back-end inter-service communication in an SSO environment. The attributes for the customAuthenticator element can differ, depending on the SSO solution you have implemented. Most attributes are optional, but some might be mandatory in the context of your SSO solution.
Default attributes
The following default attributes for the customAuthenticator element are available when the customAuthenticator attribute is set to DefaultAuthenticator, TAMAuthenticator, or SiteMinderAuthenticator.
customAuthenticator: The customAuthenticator primary element has two attributes, name and classname. Either or both attributes must be set to an authenticator such as Default, TAM, or SiteMinder. This attribute is mandatory.
AllowSelfSignedCerts: Should be set to false in the production environment. For security and legal reasons, self-signed certificates should only be used in test environments. Default is true.
CookieTimeout: Should match the value in the security proxy or WebSphere Application Server. When the TAM authenticator is in use, this value should also match the TAM inactive-timeout setting. Default is 60 minutes.
ConnectionTimeout: Time period after which a connection is dropped. Default is 30 seconds.
SoTimeout: This default socket value defines the length of time to wait for data. Default is 60 seconds.
MaxTotalConnections: Maximum number of connections allowed overall. Default is 256 connections.
DefaultMaxConnectionsPerHost: Maximum number of connections allowed per host. Default is 128 connections.
Additional attributes for Tivoli Access Manager and SiteMinder
There are additional attributes available when the customAuthenticator attribute is set to TAMAuthenticator or SiteMinderAuthenticator.
CustomLoginUsernameField: This attribute key should be implicitly set to user. If we customize the username field in the login form, this setting allows a new field name to be configured for entering the username.
CustomLoginPasswordField: This attribute key should be implicitly set to PASSWORD. If we customize the password field in the login form, this setting allows a new field name to be configured for entering the user password.
CustomLoginFormField: This attribute key should be implicitly set to Form. If we customize the login form field in the login form, this setting allows a new field name to be configured for posting login information to this customized form.
CustomLoginFormValue: This attribute key should be implicitly set to Login. If we customize the login value field in the login form, this setting allows a new value for login form to be configured for posting login information to this customized form.
FormBasedAuthLoginURL: Dedicated login URL for form based authentication.
This extract from LotusConnections-config.xml shows attributes with sample values:
<customAuthenticator name="TAMAuthenticator">
    <attribute key="AllowSelfSignedCerts" value="true" />
    <attribute key="CookieTimeout" value="60" />
    <attribute key="ConnectionTimeout" value="30" />
    <attribute key="SoTimeout" value="60" />
    <attribute key="MaxTotalConnections" value="256" />
    <attribute key="DefaultMaxConnectionsPerHost" value="128" />
    <attribute key="CustomLoginUsernameField" value="username" />
    <attribute key="CustomLoginPasswordField" value="PASSWORD" />
    <attribute key="CustomLoginFormField" value="login-form-type" />
    <attribute key="CustomLoginFormValue" value="pwd" />
    <attribute key="FormBasedAuthLoginURL" value="https://myHost.myco.com:myPort/mypkmslogin.form/" />
</customAuthenticator>
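The two settings above that carry security weight, AllowSelfSignedCerts (default true, should be false in production) and CookieTimeout (should match the security proxy), can be checked before a configuration is promoted. The following is an added example, not code from the product or its documentation; the function name, the `<config>` wrapper in the constructed sample, and passing the proxy timeout in as a parameter are assumptions.

```python
import xml.etree.ElementTree as ET

# Defaults documented on this page, applied when an attribute is absent.
DEFAULTS = {"AllowSelfSignedCerts": "true", "CookieTimeout": "60"}

# Constructed sample input mirroring the extract above (not a real deployment).
SAMPLE = """<config>
  <customAuthenticator name="TAMAuthenticator">
    <attribute key="AllowSelfSignedCerts" value="true" />
    <attribute key="CookieTimeout" value="60" />
  </customAuthenticator>
</config>"""


def _local(tag):
    """Strip an XML namespace prefix, if any, from an element tag."""
    return tag.rsplit("}", 1)[-1]


def audit_custom_authenticator(xml_text, proxy_timeout_minutes):
    """Return a list of findings for the customAuthenticator settings."""
    root = ET.fromstring(xml_text)
    nodes = [e for e in root.iter() if _local(e.tag) == "customAuthenticator"]
    if not nodes:
        return ["customAuthenticator element not found"]
    findings = []
    for node in nodes:
        if not (node.get("name") or node.get("classname")):
            findings.append("customAuthenticator has neither name nor classname")
        settings = dict(DEFAULTS)
        for child in node:
            if _local(child.tag) == "attribute" and child.get("key"):
                settings[child.get("key")] = (child.get("value") or "").strip()
        # Absent means default true, so anything but an explicit false is flagged.
        if settings["AllowSelfSignedCerts"].lower() != "false":
            findings.append("AllowSelfSignedCerts is not false")
        try:
            cookie = int(settings["CookieTimeout"])
        except ValueError:
            findings.append("CookieTimeout is not an integer")
        else:
            if cookie != proxy_timeout_minutes:
                findings.append(
                    f"CookieTimeout {cookie} != proxy timeout {proxy_timeout_minutes}")
    return findings


if __name__ == "__main__":
    for finding in audit_custom_authenticator(SAMPLE, proxy_timeout_minutes=60):
        print("FINDING:", finding)
```

An empty list means both settings pass; the sample values from the extract are flagged because AllowSelfSignedCerts is still true.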