Step-up authentication properties
After enabling step-up authentication, you may need to adjust the settings to fit your business needs. You can use the admin console to create new properties, if necessary, or update existing properties.
The following list contains all properties that apply to the corresponding portal configuration service, WP StepUpConfigService.
You can access the properties from the Welcome page of the administrative console by clicking Resources > Resource Environment Providers > WP StepUpConfigService > Custom properties.
All property changes require that you restart the WebSphere_Portal server in order for the changes to take effect.
- sua.enable
- Use this property to enable and disable the step-up authentication mechanism.
Default: false
Type: java.lang.Boolean
- sua.authLevel.enable
- Use this property to provide a comma-separated list of authentication level names. The authentication levels given in this list will be considered in the portal installation for step-up authentication enforcement.
Please note the following:
- If step-up authentication is enabled, at least the authentication level name authenticated has to be specified.
- If you would like to use the Remember me cookie mechanism as a distinct authentication level, make sure that it is enabled and add the authentication level name identified to this property.
Default: authenticated
Type: java.lang.String
- sua.authLevel.auth_level_name.strength
- Specify the authentication level strength of the authentication level with the name auth_level_name. The value is a non-negative integer that expresses the implied strength of a particular authentication method. The step-up authentication framework considers one authentication method to be stronger than another if it has been assigned a higher value.
The value 0 is reserved by the step-up authentication engine, so values less than one are not allowed. While it is possible to leave gaps in the sequence of authentication level strengths, it is not possible to assign the same authentication level strength to multiple authentication level names. Additionally, the authentication level identified must always have a lower strength than authenticated.
Default: sua.authLevel.identified.strength = 5, sua.authLevel.authenticated.strength = 10
Type: java.lang.Integer
- sua.authLevel.auth_level_name.required
- Specify whether the authentication level with the name auth_level_name is optional or required. When a user accesses a resource that has an optional authentication level as the authentication level requirement, this resource may be accessed if the first required authentication level above it can be verified successfully. Moreover, when an authentication level is flagged as required, it can only be verified successfully if all required authentication levels below it can be verified successfully.
This property must not be set for the authentication level identified or authenticated.
Default: true
Type: java.lang.Boolean
- sua.authLevel.auth_level_name.authLevelVerifier
- Specify the fully qualified name of the class that implements the com.ibm.portal.auth.sua.spi.AuthLevelVerifier SPI and verifies whether the authentication level with the name auth_level_name is valid for a request.
This property must not be set for the authentication level identified or authenticated.
Default: -
Type: java.lang.String
- sua.authLevel.auth_level_name.stepUpAuthHandler
- Specify the fully qualified name of the class that implements the com.ibm.portal.auth.sua.spi.StepUpAuthHandler SPI and establishes the authentication level with the name auth_level_name.
This property must not be set for the authentication level identified or authenticated.
Default: -
Type: java.lang.String
- sua.authLevel.auth_level_name.postRedirectionTargetProtected
- A certain authentication level is established by a step-up authentication handler by redirecting the user to another page, e.g. a portal page with a login form that takes a username and password. After the authentication level has been established successfully, the step-up authentication framework will redirect the user to the resource requested prior to the authentication level enforcement. This property specifies whether the redirection to the originally requested resource should point to the public or the protected portal area, since the implementation of the authentication level may move the user from an unauthenticated to an authenticated state.
This property must not be set for the authentication level identified or authenticated.
Default: false
Type: java.lang.Boolean
Example: true
- sua.authLevel.auth_level_name.property.property_name
- Specify further properties that will be available to your authentication level verifier and your step-up authentication level handler. The properties received by these implementations in their init method have the name property_name: the prefix sua.authLevel.auth_level_name.property. is omitted.
Default: -
Type: java.lang.String
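The constraints stated for these properties can be checked before you restart the server. The following linter is an added example, not IBM code; the otp level and the com.example class names in the sample data are hypothetical.

```python
RESERVED = ("identified", "authenticated")
FORBIDDEN_ON_RESERVED = ("required", "authLevelVerifier", "stepUpAuthHandler",
                         "postRedirectionTargetProtected")
DEFAULT_STRENGTH = {"identified": "5", "authenticated": "10"}

def lint_sua(props):
    """Return rule violations for a dict of WP StepUpConfigService properties."""
    errors = []
    if props.get("sua.enable", "false").lower() != "true":
        return errors  # step-up authentication is off, nothing is enforced
    levels = [n.strip() for n in
              props.get("sua.authLevel.enable", "authenticated").split(",") if n.strip()]
    if "authenticated" not in levels:
        errors.append("sua.authLevel.enable must list 'authenticated'")
    strengths = {}
    for name in levels:
        raw = props.get(f"sua.authLevel.{name}.strength", DEFAULT_STRENGTH.get(name))
        if raw is None or not raw.strip().isdecimal() or int(raw) < 1:
            errors.append(f"{name}: strength must be an integer >= 1 (0 is reserved)")
            continue
        strengths[name] = int(raw)
    seen = {}  # strength value -> first level name that uses it
    for name, value in strengths.items():
        if value in seen:
            errors.append(f"{name}: strength {value} already used by {seen[value]}")
        seen.setdefault(value, name)
    if ("identified" in strengths and "authenticated" in strengths
            and strengths["identified"] >= strengths["authenticated"]):
        errors.append("identified must have a lower strength than authenticated")
    for name in RESERVED:
        for suffix in FORBIDDEN_ON_RESERVED:
            if f"sua.authLevel.{name}.{suffix}" in props:
                errors.append(f"{name}: {suffix} must not be set")
    return errors

# Constructed sample data: "otp" and the com.example classes are hypothetical.
SAMPLE = {
    "sua.enable": "true",
    "sua.authLevel.enable": "identified,authenticated,otp",
    "sua.authLevel.otp.strength": "20",
    "sua.authLevel.otp.authLevelVerifier": "com.example.sua.OtpVerifier",
    "sua.authLevel.otp.stepUpAuthHandler": "com.example.sua.OtpHandler",
}
BROKEN = dict(SAMPLE, **{
    "sua.authLevel.enable": "identified,otp",      # 'authenticated' missing
    "sua.authLevel.otp.strength": "5",             # collides with identified
    "sua.authLevel.identified.required": "false",  # not allowed on identified
})
```

Calling lint_sua(SAMPLE) returns an empty list, while lint_sua(BROKEN) reports one violation for each of the three commented lines.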