Specify authentication levels
Complete the following steps to specify authentication levels.
- Edit the [authentication-levels] stanza in the WebSEAL configuration file. For each authentication method to be used for authentication level step-up, add an entry to the stanza. The supported authentication methods are described in the following table:
The default entries are:
Authentication Method Configuration File Entry None level = unauthenticated Forms authentication level = password Certificate authentication level = ssl External authentication interface level = ext-auth-interface Lightwight Third-Party Authentication (LTPA) level = ltpa OpenID Connect (OIDC) level = oidc [authentication-levels] level = unauthenticated level = passwordThe following entry must always be the first in the list: level = unauthenticated. Additional entries can be placed in any order. For example, to enable authentication strength levels for certificate authentication at the highest level, the completed stanza entry is:[authentication-levels] level = unauthenticated level = password level = ssl
- Verify that each authentication method listed in [authentication-levels] is enabled. To determine if an authentication method is enabled, check the appropriate entries in the WebSEAL configuration file. To review the necessary entries and access the authentication configuration instructions, see the following sections: Basic authentication is enabled by default.
- Use multiple authentication levels
We can associate more than one authentication level with a particular authentication mechanism.Parent topic: Authentication strength policy (step-up)