
The HTTP Basic authentication module uses basic authentication in the context of HTTP communication. A web browser issues a request for a username and password, and sends the credentials to the web server as part of the authentication request. OpenSSO Enterprise retrieves the username and password and authenticates the user using the LDAP authentication module. In order for HTTP Basic to function correctly, both the LDAP authentication module and the HTTP Basic authentication module must be added to the appropriate realm. Once the user successfully authenticates, the user will be able to authenticate again without being prompted for username and password. For information on the HTTP Basic authentication module attributes, see “HTTP Basic” in Sun OpenSSO Enterprise 8.0 Administration Reference.
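The flow described above, from the `Authorization` header to a directory lookup, as an added example that is not OpenSSO Enterprise code. The function names and the `DIRECTORY` dictionary are hypothetical; the dictionary is a constructed stand-in for the LDAP data store, where a real LDAP module would perform a bind instead.

```python
import base64
import binascii
import hmac

# Constructed stand-in for the LDAP data store (hypothetical values).
DIRECTORY = {"uid=jdoe,ou=people,dc=example,dc=com": ("jdoe", "s3cret:with:colons")}


def make_header(username, password):
    """Build what the browser sends: base64 is an encoding, not encryption."""
    pair = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def parse_basic_header(value):
    """Return (username, password) from an Authorization value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        decoded = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: reject instead of guessing
    # Only the first colon separates the fields; a password may contain more.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def authenticate(header_value, directory=DIRECTORY):
    """Decode the header, then check the pair against the directory stand-in."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return None
    username, password = creds
    for dn, (uid, stored) in directory.items():
        # Constant-time comparison of the stored and submitted password.
        if uid == username and hmac.compare_digest(stored.encode(), password.encode()):
            return dn
    return None
```

Because `parse_basic_header` recovers the password from the header with no key, anything that can read the request can read the credentials, so the module's login URL belongs behind TLS.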

JDBC

The Java Database Connectivity (JDBC) authentication module provides a mechanism to allow OpenSSO Enterprise to authenticate users through any SQL database that provides JDBC technology-enabled drivers. The connection to the SQL database can be either directly through a JDBC driver, or through a JNDI connection pool. For information on the JDBC authentication module attributes, see “JDBC” in Sun OpenSSO Enterprise 8.0 Administration Reference.

Note – This module has been tested on MySQL 4.0 and Oracle 8i.

LDAP

The LDAP authentication module uses a Distinguished Name (DN) and password to authenticate to an LDAP data store. If the submitted credentials are found in the directory, the user is authenticated and an SSOToken is created. This module is enabled during OpenSSO Enterprise installation for the top level realm. For information on the LDAP authentication module attributes, see “LDAP” in Sun OpenSSO Enterprise 8.0 Administration Reference.

Membership

The Membership authentication module is implemented for personalized sites where a user is able to create an account and define preferences without the aid of an administrator. Once created, the user can access the resource as an added user. After the account is created, the user can authenticate to the appropriate OpenSSO Enterprise realm as configured. For information on the Membership authentication module attributes, see “Membership” in Sun OpenSSO Enterprise 8.0 Administration Reference.

MSISDN

The Mobile Station Integrated Services Digital Network (MSISDN) authentication module enables authentication using a mobile subscriber ISDN associated with a device such as a cellular telephone. It is a non-interactive module. The module retrieves the subscriber ISDN and compares it against the data store to find a user that matches the number. If found, the user is validated. For information on the MSISDN authentication module attributes, see “MSISDN” in Sun OpenSSO Enterprise 8.0 Administration Reference.

RADIUS

The RADIUS authentication module enables authentication to an installed and configured RADIUS server currently being used for authentication. For information on the RADIUS authentication module attributes, see “RADIUS” in Sun OpenSSO Enterprise 8.0 Administration Reference. See “Before You Begin” on page 55 for special pre-configuration instructions when using the RADIUS authentication module.

SAE

The Secure Attribute Exchange (also known as Virtual Federation) authentication module is used when an external entity (such as an existing application) has already authenticated the user and wishes to securely inform a local instance of OpenSSO Enterprise to trigger the creation of an SSOToken for the user. This module is also used when the existing entity instructs the local instance of OpenSSO Enterprise to use federation protocols to transfer authentication and attribute information to a partner application. This module cannot be invoked in the same way as other authentication modules. It requires setting up parties for Secure Attribute Exchange and is invoked internally. For information on the Secure Attribute Exchange authentication module attributes, see “SAE” in Sun OpenSSO Enterprise 8.0 Administration Reference.

SafeWord

The SafeWord authentication module handles authentication requests to Secure Computing’s SafeWord™ or SafeWord PremierAccess™ authentication servers. The SafeWord server may exist on the system on which OpenSSO Enterprise is installed, or on a separate system. For information on the SafeWord authentication module attributes, see “SafeWord” in Sun OpenSSO Enterprise 8.0 Administration Reference. See “Before You Begin” on page 55 for special pre-configuration instructions when using the SafeWord authentication module.

SecurID

The SecurID authentication module handles authentication requests to RSA’s ACE/Server authentication servers. OpenSSO Enterprise provides the client portion of SecurID authentication. The ACE/Server may exist on the system on which OpenSSO Enterprise is installed, or on a separate system. For information on the SecurID authentication module attributes, see “SecurID” in Sun OpenSSO Enterprise 8.0 Administration Reference.

Note – The SecurID Authentication module is available for the Solaris/SPARC, Solaris/x86, Linux, and Windows platforms.

Unix

The Unix authentication module is a Pluggable Authentication Module (PAM) that authenticates user identifiers known to the Solaris or Linux system (local or NIS) on which OpenSSO Enterprise is installed. This module makes use of an authentication helper daemon called amunixd which opens a socket on a specified port in order to listen for Unix authentication requests. This daemon process is separate from the authentication process. The PAM Service Name attribute defaults to other for Solaris, and password for Linux. For information on the Unix authentication module attributes, see “Unix” in Sun OpenSSO Enterprise 8.0 Administration Reference. For instructions on setting up and running amunixd, see “Running the Unix Authentication Helper (amunixd Daemon)” in Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.
