Username module properties

| Appliance property | Self or Partner | Mode | Description |
|---|---|---|---|
| username.password.options | PARTNER, SELF | Issue | Include the password in the token. Default value is 4. Valid values: 2, include the digest of the password value; 3, include the password in clear text; 4, do not include the password. |
| username.add.nonce | SELF | Issue | Include the nonce (random bits used for obfuscating the element) in the token. The default is true. Set to true to include a nonce in the token. Set to false to exclude the nonce. When you specify to issue no password, this value is ineffective. |
| username.add.timestamp | SELF | Issue | Include creation time, or timestamp, in the token. The default is true. Set to true to add the timestamp. Set to false to exclude the timestamp. |
| username.password.validator | SELF | Validate | User registry option to use. Valid values are: ISAMRTE, for the Verify Access runtime option; TAMRD, for the Verify Access user registry option; LDAP, for the non-Verify Access user registry option. |
| username.skip.password.validation | SELF | Validate | Disable password validation. The default is false. Set to true to skip validation. Set to false to enable validation. |
| username.server.connection.id | SELF | Validate | If TAMRD is specified for username.password.validator, specify the server connection ID. This is the name of the previously configured server connection which holds the settings for the Verify Access LDAP registry. This property is required if password validation is not skipped. |
| username.tamrd.management.domain | SELF | Validate | If TAMRD is specified for username.password.validator, specify the Verify Access management domain. The default is Default. |
| username.tamrd.login.failures.persistent | SELF | Validate | If TAMRD is specified for username.password.validator, specify if log in failures are persistent. The default is false. Set to true to persist the failures. Set to false to not persist. |
| username.tamrd.maximum.server.connections | SELF | Validate | If TAMRD is specified for username.password.validator, specify the maximum number of server connections that are allowed. The default is 16. |
| username.rte.bind.dn | SELF | Validate | If ISAMRTE is specified for username.password.validator, specify the username used to authenticate to the primary LDAP server. For example, cn=SecurityMaster,secAuthority=Default. |
| username.rte.bind.pwd | SELF | Validate | If ISAMRTE is specified for username.password.validator, specify the password used to authenticate to the primary LDAP server. |
| username.rte.enableSSL | SELF | Validate | Enable SSL. The default is false. Set to true to enable SSL. Then, define the username.rte.sslTrustStore property. Set to false to disable SSL. |
| username.rte.sslTrustStore | SELF | Validate | Name of the certificate database to use for the SSL connection, if username.rte.enableSSL is set to true. |
| username.ldap.server.connection.id | SELF | Validate | If LDAP is specified for username.password.validator, specify the name of the server connection that holds the required LDAP settings to access the LDAP user registry. For example, my-isam-user-registry. |
| username.ldap.maximum.server.connections | SELF | Validate | If LDAP is specified for username.password.validator, specify the maximum number of connections to make to the LDAP user registry. For example, 16. |
| username.ldap.base.dn | SELF | Validate | If LDAP is specified for username.password.validator, specify an LDAP base DN to search. For example, dn o=ibm,c=us. |
| username.ldap.search.filter | SELF | Validate | If LDAP is specified for username.password.validator, specify an LDAP search filter. For example, ((objectClass=ePerson)(objectClass=Person)). |
| username.ldap.user.id.attribute | SELF | Validate | If LDAP is specified for username.password.validator, specify an LDAP attribute that stores the username. The LDAP attribute must uniquely identify a user. For example, uid. |
| username.validate.freshness | PARTNER | Validate | Enables the time validity check, based on created time and the amount of time permitted after the issue. The default is true. Set to true to validate freshness. Set to false for no validation. If this property is not set, then the value of the property username.freshness.limit is checked to see if the time validation check needs to be performed. |
| username.freshness.limit | PARTNER | Validate | Specifies, in seconds, the amount of time the Username token is valid after being issued. Default: 300 seconds. A value of -1 means the token does not expire. |
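
The issue and validate settings above, modelled as an added Python example (not IBM's code or the module's implementation). It assumes password option 2 uses the PasswordDigest construction from the OASIS WS-Security UsernameToken Profile, Base64(SHA-1(nonce + created + password)); the function names, the token dict layout, and the handling of a missing or future-dated Created value are assumptions of this sketch.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # Created format used in this sketch

def digest(nonce, created, password):
    # Assumed WSS UsernameToken Profile form: Base64(SHA-1(nonce + created + password))
    raw = (nonce or b"") + (created or "").encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def issue(user, password, now, options=4, add_nonce=True, add_timestamp=True):
    """Build a token dict from the issue-mode settings (dict layout is hypothetical)."""
    if options not in (2, 3, 4):
        raise ValueError("username.password.options must be 2, 3 or 4")
    tok = {"Username": user}
    if add_timestamp:
        tok["Created"] = now.strftime(FMT)
    if options == 4:  # no password issued, so the nonce setting is ineffective
        return tok
    nonce = os.urandom(16) if add_nonce else None
    if nonce:
        tok["Nonce"] = base64.b64encode(nonce).decode()
    if options == 2:
        tok["Type"] = "PasswordDigest"
        tok["Password"] = digest(nonce, tok.get("Created"), password)
    else:  # option 3: clear text, readable by anyone who can see the message
        tok["Type"], tok["Password"] = "PasswordText", password
    return tok

def is_fresh(tok, now, validate=None, limit=300):
    """validate models username.validate.freshness (None = unset), limit the freshness limit."""
    if validate is False or limit == -1:  # check disabled, or token never expires
        return True
    if "Created" not in tok:  # assumption: without a timestamp, treat as stale
        return False
    created = datetime.strptime(tok["Created"], FMT).replace(tzinfo=timezone.utc)
    # assumption: future-dated tokens are rejected, no clock-skew allowance
    return 0 <= (now - created).total_seconds() <= limit

def password_ok(tok, stored_password):
    """Digest checks need the cleartext password on the validating side."""
    if "Password" not in tok:  # option 4 tokens carry nothing to verify
        return False
    if tok.get("Type") == "PasswordDigest":
        nonce = base64.b64decode(tok["Nonce"]) if "Nonce" in tok else None
        expected = digest(nonce, tok.get("Created"), stored_password)
    else:
        expected = stored_password
    return hmac.compare_digest(tok["Password"].encode(), expected.encode())
```

With the nonce or timestamp switched off, the digest in this model covers fewer per-message values, so a captured option 2 token stays verifiable for as long as the freshness settings allow.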