IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Policies for Applications and Authentication Services

In general, application-specific policies override authentication service-specific policies, which in turn, override general Wallet policies.

The Wallet inject password entry option default policy (pid_wallet_inject_pwd_entry_option_default) is used when the other two policies are not defined for a particular authentication service or application.

Some groups of policies have overlapping scopes. For example, policies with system scopes affect different ranges of entities.

Wallet inject password entry option default policy (pid_wallet_inject_pwd_entry_option_default)
This policy defines the default password entry option for all authentication services and applications.
Authentication inject password entry option default policy (pid_auth_inject_pwd_entry_option_default)
This policy defines the default password entry option for a specific authentication service.
Application inject password entry option default policy (pid_app_inject_pwd_entry_option_default)
This policy defines the default password entry option for a specific application.

If the Authentication service inject password entry option default policy is defined for an authentication service, it overrides the Wallet inject password entry option default policy. The Wallet inject password entry option default policy is overridden when a default password entry option is needed for the authentication service.

Similarly, if the Application inject password entry option default policy is defined for a particular application, the application policy overrides the other two policies.

See the following topics for more information.

Feedback