This chapter covers OpenAM configuration properties accessible through the Configuration tab of the console, most of which can be set by using the ssoadm command. The chapter is organized to follow the OpenAM console layout.
Under Configuration > Authentication you can configure authentication services globally using the same attributes you use to configure authentication modules per realm under Access Control > Realm Name > Authentication > Module Instances, and described in the Administration Guide chapter on Defining Authentication Services.
The primary difference is that when configuring services globally, you set the default values to be used when a module is configured further for a specific realm.
The Core Authentication module includes some fields under this tab that are not available through the realm changes under the Access Control tab.
Because attributes set under the Configuration tab apply on a server level, the changes you make here will apply to all realms. Attributes set under the Access Control tab only apply to the realms that you specify. The Authentication table under the Configuration tab lists all existing types of modules available for configuration, including any customized modules you have added.
The following are the global fields you can configure for the Core Authentication module under the Configuration tab.
Add class names for custom authentication modules to this list.
ssoadm attribute: iplanet-am-auth-authenticators
Sets a minimum and maximum number of LDAP connections in the pool for connecting to a directory server. When tuning for production, start with 10:65 (10 minimum, 65 maximum). Explicit settings for specific servers override the default.
This attribute is for LDAP and Membership authentication services only.
This connection pool is different than the SDK connection pool configured in serverconfig.xml.
ssoadm attributes: iplanet-am-auth-ldap-connection-pool-size, and iplanet-am-auth-ldap-connection-pool-default-size
Require the authenticating application to send its SSOToken. This allows the Authentication Service to obtain the username and password associated with the application.
ssoadm attribute: sunRemoteAuthSecurityEnabled
When enabled, retain objects used to process authentication or post authentication operations in the user session until the user logs out.
ssoadm attributes: sunAMAuthKeepPostProcessInstances, and sunAMAuthKeepAuthModuleIntances
When enabled, the initial login screen uses the XUI.
ssoadm attribute: openam-xui-interface-enabled
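An added example (not from the OpenAM documentation or code base) of reviewing these global values before applying them: it resolves which LDAP pool range applies to a given directory server, with explicit per-server settings overriding the default, and flags malformed ranges and a sunRemoteAuthSecurityEnabled value that is not true. The name=value input form and the host:port:min:max layout of per-server entries are assumptions, and the sample values are constructed.

```python
# Constructed sample in name=value form; not output captured from a real server.
SAMPLE = """\
iplanet-am-auth-ldap-connection-pool-default-size=10:65
iplanet-am-auth-ldap-connection-pool-size=ldap1.example.com:636:20:80
iplanet-am-auth-ldap-connection-pool-size=ldap2.example.com:636:90:40
sunRemoteAuthSecurityEnabled=false
"""
DEFAULT = "iplanet-am-auth-ldap-connection-pool-default-size"
PER_SERVER = "iplanet-am-auth-ldap-connection-pool-size"
REMOTE_AUTH = "sunRemoteAuthSecurityEnabled"

def parse_attrs(text):
    """Collect name=value lines into {name: [values]}; attributes may repeat."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep:
            attrs.setdefault(name, []).append(value)
    return attrs

def parse_range(value):
    """Parse 'min:max'; raise ValueError if malformed or min exceeds max."""
    low, high = (int(part) for part in value.split(":"))
    if low < 1 or low > high:
        raise ValueError(f"invalid pool range {value!r}")
    return low, high

def effective_pool(attrs, host, port):
    """Return (min, max) for host:port; an explicit entry overrides the default."""
    for entry in attrs.get(PER_SERVER, []):
        h, p, rng = entry.split(":", 2)  # assumed layout: host:port:min:max
        if (h.lower(), p) == (host.lower(), str(port)):
            return parse_range(rng)
    return parse_range(attrs[DEFAULT][0])

def review(attrs):
    """Return findings to resolve before the values are applied."""
    findings = []
    ranges = [(DEFAULT, v, v) for v in attrs.get(DEFAULT, [])]
    ranges += [(PER_SERVER, v, v.split(":", 2)[-1]) for v in attrs.get(PER_SERVER, [])]
    for name, raw, rng in ranges:
        try:
            parse_range(rng)
        except ValueError:
            findings.append(f"{name}: bad value {raw}")
    if attrs.get(REMOTE_AUTH, ["false"])[0].lower() != "true":
        findings.append(f"{REMOTE_AUTH}: not enabled, SSOToken not required")
    return findings

if __name__ == "__main__":
    print("\n".join(review(parse_attrs(SAMPLE))))
```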