Chapter 1. Configuration Reference

This chapter covers OpenAM configuration properties accessible through the Configuration tab of the console, most of which can be set by using the ssoadm command. The chapter is organized to follow the OpenAM console layout.

Under Configuration > Authentication you can configure authentication services globally, using the same attributes you use to configure authentication modules per realm under Access Control > Realm Name > Authentication > Module Instances. Those attributes are described in the Administration Guide chapter on Defining Authentication Services.

The primary difference is that when configuring services globally, you set the default values to be used when a module is configured further for a specific realm.

The Core Authentication module includes some fields under this tab that are not available in the per-realm settings under the Access Control tab. Because attributes set under the Configuration tab apply at the server level, the changes you make here apply to all realms. Attributes set under the Access Control tab apply only to the realms that you specify. The Authentication table under the Configuration tab lists all existing types of modules available for configuration, including any customized modules you have added.

The following are the global fields you can configure for the Core Authentication module under the Configuration tab.

Pluggable Authentication Module Classes

Add class names for custom authentication modules to this list.

ssoadm attribute: iplanet-am-auth-authenticators

LDAP Connection Pool Size, Default LDAP Connection Pool Size

Sets a minimum and maximum number of LDAP connections in the pool for connecting to a directory server. When tuning for production, start with 10:65 (10 minimum, 65 maximum). Explicit settings for specific servers override the default.

This attribute is for LDAP and Membership authentication services only.

This connection pool is different from the SDK connection pool configured in serverconfig.xml.

ssoadm attributes: iplanet-am-auth-ldap-connection-pool-size and iplanet-am-auth-ldap-connection-pool-default-size

Remote Auth Security

Require the authenticating application to send its SSOToken. This allows the Authentication Service to obtain the username and password associated with the application.

ssoadm attribute: sunRemoteAuthSecurityEnabled

Keep Post Process Objects for Logout Processing, Keep Authentication Module Objects for Logout Processing

When enabled, retain objects used to process authentication or post authentication operations in the user session until the user logs out.

ssoadm attributes: sunAMAuthKeepPostProcessInstances and sunAMAuthKeepAuthModuleIntances

XUI Interface

When enabled, the initial login screen uses the XUI.

ssoadm attribute: openam-xui-interface-enabled