Under Configuration > Authentication you can configure
authentication services globally using the same attributes you use to
configure authentication modules per realm under Access Control >
Realm Name
> Authentication > Module
Instances, and described in the Administration Guide
chapter on Defining
Authentication Services.
The primary difference is that when configuring services globally, you set the default values to be used when a module is configured further for a specific realm.
The Core Authentication module includes some fields under this tab that are not
available through the realm changes under the Access Control
tab.
Because attributes set under the Configuration
tab apply on a
server level, the changes you make here will apply to all realms. Attributes
set under the Access Control
tab only apply to the realms that
you specify. The Authentication table under the Configuration
tab
lists all existing types of modules available for configuration, including any
customized modules you have added.
The following are the global fields you can configure for the Core Authentication
module under the Configuration
tab.
- Pluggable Authentication Module Classes
-
Add class names for custom authentication modules to this list.
ssoadm attribute:
iplanet-am-auth-authenticators
- LDAP Connection Pool Size, Default LDAP Connection Pool Size
-
Sets a minimum and maximum number of LDAP connections in the pool for connecting to a directory server. When tuning for production, start with
10:65
(10 minimum, 65 maximum). Explicit settings for specific servers override the default.This attribute is for LDAP and Membership authentication services only.
This connection pool is different than the SDK connection pool configured in
serverconfig.xml
.ssoadm attributes:
iplanet-am-auth-ldap-connection-pool-size
, andiplanet-am-auth-ldap-connection-pool-default-size
- LDAP Connection Pool Size, Default LDAP Connection Pool Size
-
Sets a minimum and maximum number of LDAP connections in the pool for connecting to a directory server. When tuning for production, start with
10:65
(10 minimum, 65 maximum). Explicit settings for specific servers override the default.This attribute is for LDAP and Membership authentication services only.
This connection pool is different than the SDK connection pool configured in
serverconfig.xml
.ssoadm attributes:
iplanet-am-auth-ldap-connection-pool-size
, andiplanet-am-auth-ldap-connection-pool-default-size
- Remote Auth Security
-
Require the authenticating application to send its SSOToken. This allows the Authentication Service to obtain the username and password associated with the application.
ssoadm attribute:
sunRemoteAuthSecurityEnabled
- Keep Post Process Objects for Logout Processing, Keep Authentication Module Objects for Logout Processing
-
When enabled, retain objects used to process authentication or post authentication operations in the user session until the user logs out.
ssoadm attributes:
sunAMAuthKeepPostProcessInstances
, andsunAMAuthKeepAuthModuleIntances
- XUI Interface
-
When enabled, the initial login screen uses the XUI.
ssoadm attribute:
openam-xui-interface-enabled