+

Search Tips   |   Advanced Search


Step-up authentication properties

After enabling step-up authentication, you may need to adjust the settings to fit your business needs. You can use the admin console to create new properties, if necessary, or update existing properties.

The table given below contains all properties that apply to the appropriate portal configuration service, namely WP StepUpConfigService.

You can access the properties from the Welcome page of the administrative console by clicking Resources > Resource Environment Providers > WP StepUpConfigService > Custom properties.

All property changes require that you restarted the WebSphere_Portal server in order for the changes to take effect.

sua.enable

Use this property to enable and disable the step-up authentication mechanism.

Default: false

Type: java.lang.Boolean

sua.authLevel.enable

Use this property to provide a comma-separated list of authentication level names. The authentication levels given in this list will considered in the portal installation for step-up authentication enforcement.

Please note the following:

  1. If step-up authentication is enabled, at least the authentication level name authenticated has to be specified.

  2. If you would like to use the Remember me cookie mechanism as a distinct authentication level, make sure that it is enabled and add the authentication level name identified to this property.

Default: authenticated

Type: java.lang.String

sua.authLevel.auth_level_name.strength

Specify the authentication level strength of the authentication level with the name auth_level_name. The value is a non-negative integer that expresses the implied strength of a particular authentication method. The step-up authentication framework considers one authentication method to be stronger than another if it has been assigned a higher value.

The value 0 is reserved by the step-up authentication engine, and therefore it is not allowed to assign values less than one. While it is possible to leave gaps in the sequence of authentication level strengths, it is not possible to assign the same authentication level to multiple authentication level names. Additionally, the authentication level identified must always have a lower strength than authenticated.

Default: sua.authLevel.identified.strength = 5 sua.authLevel.authenticated.strength = 10

Type: java.lang.Integer

sua.authLevel.auth_level_name.required

Specify whether the authentication level with the name auth_level_name is optional or required. When a user accesses a resource that has an optional authentication level as the authentication level requirement, this resource may be accessed if the first required authentication level above it can be verified successfully. Moreover, when an authentication level is flagged as required, it can only be verified successfully if all required authentication levels below it can be verified successfully.

This property must not be set for the authentication level identified or authenticated.

Default: true

Type: java.lang.boolean

sua.authLevel.auth_level_name.authLevelVerifier

Specify the fully qualified name of the class that implements the com.ibm.portal.auth.sua.spi.AuthLevelVerifier SPI as well as verifying whether the authentication level of the authentication level name auth_level_name is valid for a request.

This property must not be set for the authentication level identified or authenticated.

Default: -

Type: java.lang.String

sua.authLevel.auth_level_name.stepUpAuthHandler

Specify the fully qualified name of the class that implements the com.ibm.portal.auth.sua.spi.StepUpAuthHandler SPI as well as establishing the authentication level of the authentication level name auth_level_name.

This property must not be set for the authentication level identified or authenticated.

Default: -

Type: java.lang.String

sua.authLevel.auth_level_name.postRedirectionTargetProtected

A certain authentication level is established by a step-up authentication handler by redirecting the user to another page, e.g. a portal page with a login form that takes a username and password. After the authentication level has been established successfully, the step-up authentication framework will redirect the user to the resource requested prior to the authentication level enforcement. This property specifies whether the redirection to the originally requested resource should point to the public or the protected portal area, since the implementation of the authentication level may move the user from an unauthenticated to an authenticated state.

This property must not be set for the authentication level identified or authenticated.

Default: false

Type: java.lang.Boolean

Example: true

sua.authLevel.auth_level_name.property.property_name

Specify further properties that will be available to your authentication level verifier and your step-up authentication level handler. The properties received by these implementations in their init method have the name property_name: the prefix sua.authLevel.auth_level_name.property. is omitted.

Default: -

Type: java.lang.String


Parent topic:

Secure environment on Solaris


Related tasks


Enable step-up authentication and/or the Remember me cookie
Configure Remember me for J2EE authentication