Specifying authentication levels
About this task
Procedure
- Edit the [authentication-levels] stanza
in the WebSEAL configuration file. For each authentication method
to be used for authentication level step-up, add an entry to the stanza.
The supported authentication methods are described in the following table:
Table 1. Authentication methods supported for authentication strength

| Authentication Method | Configuration File Entry |
|---|---|
| None | level = unauthenticated |
| Forms authentication | level = password |
| Certificate authentication | level = ssl |
| External authentication interface | level = ext-auth-interface |
| Lightweight Third-Party Authentication (LTPA) | level = ltpa |
| OpenID Connect (OIDC)** | level = oidc |
| OAuth Authentication** | level = oauth |
| OAuth Introspection** | level = oauth-introspect |

**Note: OpenID Connect Authentication, OAuth Authentication and OAuth Introspection can only be used as authentication level one.
The default entries are:

    [authentication-levels]
    level = unauthenticated
    level = password

The following entry must always be the first in the list:

    level = unauthenticated

Additional entries can be placed in any order. For example, to enable authentication strength levels for certificate authentication at the highest level, the completed stanza entry is:

    [authentication-levels]
    level = unauthenticated
    level = password
    level = ssl

- Verify that each authentication method listed in [authentication-levels] is
enabled. To determine if an authentication method is enabled, check
the appropriate entries in the WebSEAL configuration file. To review
the necessary entries and access the authentication configuration
instructions, see the following sections:
  - Enabling and disabling basic authentication
  - Enabling and disabling forms authentication
  - Enabling certificate authentication
  - Enabling and disabling OIDC authentication
Note: Basic authentication is enabled by default.
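
The ordering rules above can be checked mechanically before a configuration change is deployed. The following is an added example, not part of the product documentation or IBM's code: a small lint for the [authentication-levels] stanza. It assumes levels are counted from 0 in stanza order (so "level one" is the second entry) and that lines starting with # are comments; the function names are hypothetical.

```python
# Added example: lint an [authentication-levels] stanza against the rules on this page.
# Assumption: levels are numbered from 0 in stanza order, so index 1 is "level one".
SUPPORTED = {"unauthenticated", "password", "ssl", "ext-auth-interface",
             "ltpa", "oidc", "oauth", "oauth-introspect"}
LEVEL_ONE_ONLY = {"oidc", "oauth", "oauth-introspect"}

def parse_levels(conf_text):
    """Return the ordered 'level' values from the [authentication-levels] stanza."""
    levels, in_stanza = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumed comment syntax
            continue
        if line.startswith("[") and line.endswith("]"):
            in_stanza = (line == "[authentication-levels]")
            continue
        if in_stanza and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "level":
                levels.append(value)
    return levels

def check_levels(levels):
    """Return a list of problems; an empty list means the stanza passes."""
    problems = []
    if not levels or levels[0] != "unauthenticated":
        problems.append("first entry must be 'level = unauthenticated'")
    for index, method in enumerate(levels):
        if method not in SUPPORTED:
            problems.append(f"level {index}: unsupported method '{method}'")
        elif method in LEVEL_ONE_ONLY and index != 1:
            problems.append(f"level {index}: '{method}' is only allowed as level 1")
    return problems

# Constructed sample input, not taken from a real deployment.
GOOD = """
[authentication-levels]
level = unauthenticated
level = password
level = ssl
"""
BAD = """
[authentication-levels]
level = password
level = ssl
level = oidc
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_levels(parse_levels(text)) or "ok")
```

The lint covers only the stanza itself; whether each listed method is actually enabled still has to be confirmed in the sections listed in the procedure.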