enRoleAuthentication.properties

The enRoleAuthentication.properties file specifies the authentication method that the IVIG Server uses to authenticate users and identifies the Java™ object that provides that authentication mechanism.

Additionally, the file specifies objects that support IBM® Security Access Manager WebSEAL single sign-on and administration of IBM Verify Identity Governance to managed remote services.

Authentication properties are specified with a property key and value pair format:

property-key-name=value

The property-key-name is an identifier for the authentication mechanism or resource. The value is the name of the Java object that provides the authentication service, and is itself expressed as a key and value pair:

factory=value

The factory key name represents a special category for authentication support within the IBM Verify Identity Governance software. The value is the actual name of the Java object.

For example (entered on one line):

enrole.authentication.provider.service=factory=com.ibm.enrole.authentication.service.ServiceAuthenticationProviderFactory

The following properties in enRoleAuthentication.properties configure IBM Verify Identity Governance authentication.

enRoleAuthentication.properties properties

Authentication method
enrole.authentication.requiredCredentials={simple}

Specifies the required authentication method for users who log in to the Verify Identity Governance Server.

The valid value for this property is:
  • simple - User name and password.

Example (default):

enrole.authentication.requiredCredentials=simple

Authentication providers (factories)
enrole.authentication.provider.simple

Specifies the Java object that handles authentication with user name and password.

Example (entered on a single line):

enrole.authentication.provider.simple=\
    factory=com.ibm.itim.authentication.simple.SimpleAuthenticationProviderFactory

Authentication service provider
enrole.authentication.provider.service

Specifies the Java object that transparently handles IBM Verify Identity Governance access to managed remote services and manages changes to the accounts on these remote services.

These changes include addition, deletion, suspension, restoration, and modification of accounts on the remote service. When you log in to IBM Verify Identity Governance, you can change the login and password information for an account on the managed remote service.

The ServiceAuthenticationProviderFactory mechanism works with the agent for a given remote service and processes the changed information.

Example (entered on a single line):

enrole.authentication.provider.service=\
    factory=com.ibm.itim.authentication.service.ServiceAuthenticationProviderFactory

WebSEAL single sign-on
enrole.authentication.provider.webseal

Specifies the Java object that allows single sign-on in a WebSEAL environment.

Example (entered on a single line):

enrole.authentication.provider.webseal=\
    factory=com.ibm.itim.authentication.webseal.WebsealProviderFactory

enrole.authentication.idsEqual

Indicates the appropriate algorithm for mapping the IBM Security Access Manager user ID to an IBM Verify Identity Governance user ID. An internal identity mapping algorithm is used to ensure the success of the single sign-on operation.

Valid values for this property are:

  • true – The Security Access Manager user ID is the same as the IBM Verify Identity Governance user ID.
  • false – The Security Access Manager user ID is not the same as the IBM Verify Identity Governance user ID.

Example:

enrole.authentication.idsEqual=true
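
Because each provider value names the Java class that performs authentication, the file is worth auditing for unexpected entries. The following Python check is an added example, not IBM code: it parses the key and value format described above and reports anything that deviates from the values documented on this page. The function names, the allowlist built from this page's per-property examples, and the sample file are assumptions of the example.

```python
import re

# Factory classes named in the per-property examples on this page. Treating them
# as an allowlist is an assumption of this example; adjust it to your deployment.
KNOWN_FACTORIES = {
    "com.ibm.itim.authentication.simple.SimpleAuthenticationProviderFactory",
    "com.ibm.itim.authentication.service.ServiceAuthenticationProviderFactory",
    "com.ibm.itim.authentication.webseal.WebsealProviderFactory",
}
PREFIX = "enrole.authentication.provider."
FACTORY_RE = re.compile(r"factory=([A-Za-z_][\w$]*(?:\.[A-Za-z_][\w$]*)+)")
# Constructed sample file for the example (not taken from a real server).
SAMPLE = r"""enrole.authentication.requiredCredentials=simple
enrole.authentication.provider.simple=\
    factory=com.ibm.itim.authentication.simple.SimpleAuthenticationProviderFactory
enrole.authentication.idsEqual=true
"""

def parse_properties(text):
    """Read key=value lines with '#'/'!' comments and backslash continuation."""
    props, buf = {}, ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not buf and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):          # logical line continues on the next one
            buf += line[:-1]
            continue
        key, _, value = (buf + line).partition("=")  # only '=' is handled here
        props[key.strip()] = value.strip()
        buf = ""
    return props

def audit(props, allowed=KNOWN_FACTORIES):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    cred = props.get("enrole.authentication.requiredCredentials")
    if cred != "simple":
        findings.append(f"requiredCredentials={cred!r}: only 'simple' is valid")
    for key in (k for k in props if k.startswith(PREFIX)):
        m = FACTORY_RE.fullmatch(props[key])
        if not m:
            findings.append(f"{key}: value is not factory=<class name>")
        elif m.group(1) not in allowed:
            findings.append(f"{key}: unexpected factory class {m.group(1)}")
    ids = props.get("enrole.authentication.idsEqual")
    if ids is not None and ids not in ("true", "false"):
        findings.append(f"idsEqual={ids!r}: must be true or false")
    return findings
```

A provider value that was wrapped across lines without a trailing backslash is reported as a malformed factory value, which is the failure the "entered on a single line" notes guard against.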