obligation
<obligation> = <authentication-level>Description
Define the mappings between the obligation levels the policy decision point (PDP) returns and the WebSEAL step-up authentication levels. Include a separate entry for each obligation that runtime security services (RTSS) returns to the runtime security services EAS.
The mapping between the obligation levels and the WebSEAL authentication levels must be one-to-one. The user must authenticate only through the appropriate obligation mechanisms.
The runtime security services EAS maps the obligation to the authentication level specified in this stanza and requests WebSEAL to authenticate the user at that level.
Options
<obligation> The name of the obligation that RTSS returns to the runtime security services EAS. <authentication-level> The WebSEAL authentication level the runtime security services EAS includes in the WebSEAL request. This value is a number representing the authentication level in the [authentication-levels] stanza. Each entry in the [authentication-levels] is assigned a number based on its position in the list; the first entry is level 0. For information, see the IBM Security Verify Access: Web Reverse Proxy Configuration Guide and search for specifying authentication levels.
Usage:
This stanza entry is required.
Default: None.
Example:
life_questions=2 otp=3 email=4 voice=5Parent topic: [obligations-levels-mapping] stanza