enRoleAuthentication.properties
The enRoleAuthentication.properties file specifies the type of method used by the ISIM Server to authenticate users and identifies the Java™ object that provides the specified authentication mechanism.
Additionally, the file specifies objects that support IBM Security Access Manager WebSEAL single sign-on and administration of IBM Security Identity Manager to managed remote services.
Authentication properties are specified in a property key and value pair format.
property-key-name=value
The property-key-name is an identifier for the authentication mechanism or resource. The value is the name of the Java object that provides the authentication service, expressed also as a key and value pair.
factory=value
The factory key name represents a special category for authentication support within the IBM Security Identity Manager software. The value is the actual name of the Java object.
For example (entered on one line):
enrole.authentication.provider.service=factory=com.ibm.enrole.authentication.service.ServiceAuthenticationProviderFactory
Table 1 defines the properties used to configure IBM Security Identity Manager authentication.
Authentication method
enrole.authentication.requiredCredentials={simple}
Specifies the required authentication method for users who log in to the IBM Security Identity Manager Server. The valid value for this property is:
- simple - User name and password.
Example (default):
enrole.authentication.requiredCredentials=simple
Authentication providers (factories)
enrole.authentication.provider.simple
Java object that handles authentication with user name and password. Custom authentication providers are not supported in the IBM Security Identity Manager Server virtual appliance.
Example (entered on a single line):
enrole.authentication.provider.simple=\
factory=com.ibm.itim.authentication.simple.SimpleAuthenticationProviderFactory
Authentication service provider
enrole.authentication.provider.service
Java object that transparently handles IBM Security Identity Manager access to managed remote services and manages changes to the accounts on these remote services.
These changes include addition, deletion, suspension, restoration, and modification of accounts on the remote service. When you log in to IBM Security Identity Manager, you can change the login and password information for an account on the managed remote service.
The ServiceAuthenticationProviderFactory mechanism works with the agent for a given remote service and processes the changed information.
Example (entered on a single line):
enrole.authentication.provider.service=\
factory=com.ibm.itim.authentication.service.ServiceAuthenticationProviderFactory
WebSEAL single sign-on
enrole.authentication.provider.webseal
Java object that allows single sign-on in a WebSEAL environment.
Example (entered on a single line):
enrole.authentication.provider.webseal=\
factory=com.ibm.itim.authentication.webseal.WebsealProviderFactory
enrole.authentication.idsEqual
Indicates the appropriate algorithm for mapping the IBM Security Access Manager user ID to an IBM Security Identity Manager user ID. An internal identity mapping algorithm is used to ensure the success of the single sign-on operation.
Valid values for this property are:
- true – The Security Access Manager user ID is the same as the IBM Security Identity Manager user ID.
- false – The Security Access Manager user ID is not the same as the IBM Security Identity Manager user ID.
Example:
enrole.authentication.idsEqual=true
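Because these factory values decide which Java object authenticates users, a configuration review can compare a deployed file against the documented values. The following Python script is an added example, not IBM code: it reads the file with a simplified properties parser and reports settings that differ from the Table 1 example values, which it assumes to be the expected baseline. The sample contents and the com.example class name are constructed.

```python
import re

# Assumed baseline: the factory classes shown in the Table 1 examples.
EXPECTED = {
    "enrole.authentication.provider.simple":
        "com.ibm.itim.authentication.simple.SimpleAuthenticationProviderFactory",
    "enrole.authentication.provider.service":
        "com.ibm.itim.authentication.service.ServiceAuthenticationProviderFactory",
    "enrole.authentication.provider.webseal":
        "com.ibm.itim.authentication.webseal.WebsealProviderFactory",
}

def parse_properties(text):
    """Simplified .properties reader: '=' separator, trailing '\\' continues."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):
            pending = line[:-1]          # join with the next physical line
        elif line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    findings = []
    if props.get("enrole.authentication.requiredCredentials") != "simple":
        findings.append("requiredCredentials: the only valid value is 'simple'")
    ids_equal = props.get("enrole.authentication.idsEqual")
    if ids_equal not in (None, "true", "false"):
        findings.append(f"idsEqual: {ids_equal!r} is not true or false")
    for key, value in props.items():
        if not key.startswith("enrole.authentication.provider."):
            continue
        match = re.fullmatch(r"factory=([\w.$]+)", value)
        if match is None:
            findings.append(f"{key}: value is not factory=<class name>")
        elif match.group(1) != EXPECTED.get(key):
            findings.append(f"{key}: unexpected factory {match.group(1)}")
    return findings

# Constructed sample: one altered factory and one invalid idsEqual value.
SAMPLE = """\
enrole.authentication.requiredCredentials=simple
enrole.authentication.provider.webseal=\\
  factory=com.example.auth.PatchedProviderFactory
enrole.authentication.idsEqual=yes
"""

print("\n".join(audit(parse_properties(SAMPLE))))
```

A provider key that is not in the baseline is also reported as an unexpected factory, which matches the note above that custom authentication providers are not supported in the virtual appliance.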