Username module properties

You can define self or partner properties for the Username module. Issue-mode properties control what the module puts into the Username token it creates; Validate-mode properties control how it checks a Username token it receives.

Table 1. Username module properties

Each entry gives the appliance property, whether it applies to self or partner, the mode (Issue or Validate) in which it applies, and its description.

username.password.options
  Self or partner: PARTNER, SELF
  Mode: Issue
  Specifies whether, and in what form, the password is included in the token:
    • 2: include a digest of the password value
    • 3: include the password in clear text
    • 4: do not include the password
  The default value is 4.
  In the WS-Security UsernameToken profile the password digest is computed over the nonce, the creation time and the password, so leave username.add.nonce and username.add.timestamp set to true when you use option 2. Option 3 exposes the password to anything that can read the token; use it only when the message is protected in transit.

username.add.nonce
  Self or partner: SELF
  Mode: Issue
  Specifies whether to include a nonce (random bits that obfuscate the password element and make each issued token distinct) in the token. The default is true.
  Set to true to include a nonce in the token. Set to false to exclude the nonce.
  When username.password.options is 4 (no password issued), this property has no effect.

username.add.timestamp
  Self or partner: SELF
  Mode: Issue
  Specifies whether to include the creation time (timestamp) in the token. The default is true.
  Set to true to add the timestamp. Set to false to exclude the timestamp. Without a timestamp the receiving partner has nothing to apply username.validate.freshness to.

username.password.validator
  Self or partner: SELF
  Mode: Validate
  Specifies the user registry option to use. Valid values are:
    • ISAMRTE, for the Access Manager runtime option
    • TAMRD, for the Access Manager user registry option
    • LDAP, for the non-Access Manager user registry option

username.skip.password.validation
  Self or partner: SELF
  Mode: Validate
  Specifies whether to disable password validation. The default is false.
  Set to true to skip validation. Set to false to enable validation.
  When validation is skipped, the token is accepted on the strength of its username alone; use this only when a component in front of the STS has already authenticated the user.

username.server.connection.id
  Self or partner: SELF
  Mode: Validate
  If TAMRD is specified for username.password.validator, specify the server connection ID. This is the name of the previously configured server connection that holds the settings for the Access Manager LDAP registry.
  This property is required if password validation is not skipped.

username.tamrd.management.domain
  Self or partner: SELF
  Mode: Validate
  If TAMRD is specified for username.password.validator, specify the Access Manager management domain. The default is Default.

username.tamrd.login.failures.persistent
  Self or partner: SELF
  Mode: Validate
  If TAMRD is specified for username.password.validator, specify whether login failures are persisted. The default is false.
  Set to true to persist the failures. Set to false to not persist them.

username.tamrd.maximum.server.connections
  Self or partner: SELF
  Mode: Validate
  If TAMRD is specified for username.password.validator, specify the maximum number of server connections that are allowed. The default is 16.

username.rte.bind.dn
  Self or partner: SELF
  Mode: Validate
  If ISAMRTE is specified for username.password.validator, specify the DN used to authenticate (bind) to the primary LDAP server.
  For example, cn=SecurityMaster,secAuthority=Default.

username.rte.bind.pwd
  Self or partner: SELF
  Mode: Validate
  If ISAMRTE is specified for username.password.validator, specify the password used to authenticate to the primary LDAP server.

username.rte.enableSSL
  Self or partner: SELF
  Mode: Validate
  Specifies whether to enable SSL on the connection to the primary LDAP server. The default is false. Set to true to enable SSL, then define the username.rte.sslTrustStore property. Set to false to disable SSL. With SSL disabled, the bind DN and the password in username.rte.bind.pwd cross the network in clear text.

username.rte.sslTrustStore
  Self or partner: SELF
  Mode: Validate
  Specifies the name of the certificate database to use for the SSL connection, if username.rte.enableSSL is set to true.

username.ldap.server.connection.id
  Self or partner: SELF
  Mode: Validate
  If LDAP is specified for username.password.validator, specify the name of the server connection that holds the LDAP settings required to access the LDAP user registry. For example, my-isam-user-registry.

username.ldap.maximum.server.connections
  Self or partner: SELF
  Mode: Validate
  If LDAP is specified for username.password.validator, specify the maximum number of connections to make to the LDAP user registry. For example, 16.

username.ldap.base.dn
  Self or partner: SELF
  Mode: Validate
  If LDAP is specified for username.password.validator, specify the LDAP base DN to search. For example, o=ibm,c=us.

username.ldap.search.filter
  Self or partner: SELF
  Mode: Validate
  If LDAP is specified for username.password.validator, specify an LDAP search filter. For example, ((objectClass=ePerson)(objectClass=Person)).

username.ldap.user.id.attribute
  Self or partner: SELF
  Mode: Validate
  If LDAP is specified for username.password.validator, specify the LDAP attribute that stores the username. The attribute must uniquely identify a user. For example, uid.

username.validate.freshness
  Self or partner: PARTNER
  Mode: Validate
  Enables the time validity check, based on the token's creation time and the amount of time permitted after issue. The default is true.
  Set to true to validate freshness. Set to false for no validation.
  If this property is not set, the value of username.freshness.limit determines whether the time validation check is performed.

username.freshness.limit
  Self or partner: PARTNER
  Mode: Validate
  Specifies, in seconds, how long the Username token is valid after it is issued.
  Default: 300 seconds
  A value of -1 means that the token does not expire, so a captured token remains replayable indefinitely.
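The Issue-side properties (username.password.options, username.add.nonce, username.add.timestamp) and the partner-side checks (username.validate.freshness, username.freshness.limit, username.skip.password.validation) interact, and the following Python example shows the interaction end to end. It is an added example, not code from this page or from the appliance: the dict representation of the token, the in-memory user store, the seen-nonce replay cache and the (accepted, reason) return shape are assumptions made for illustration. The digest follows the WS-Security UsernameToken profile definition, Base64(SHA-1(nonce + created + password)).

```python
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Values of username.password.options as listed in the table.
PASSWORD_DIGEST = 2
PASSWORD_TEXT = 3
PASSWORD_NONE = 4

# xsd:dateTime form carried in wsu:Created (seconds precision, UTC).
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _password_digest(nonce: bytes, created: str, password: str) -> str:
    # WS-Security UsernameToken profile: Base64(SHA-1(nonce + created + password)).
    # Elements that were not issued are simply omitted from the concatenation.
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(digest).decode()


def issue_username_token(username, password, password_option=PASSWORD_NONE,
                         add_nonce=True, add_timestamp=True, now=None):
    """Return the UsernameToken child elements as a dict (assumed representation)."""
    now = now or datetime.now(timezone.utc)
    created = now.strftime(TIME_FMT) if add_timestamp else None
    # username.add.nonce has no effect when no password element is issued.
    nonce = secrets.token_bytes(16) if add_nonce and password_option != PASSWORD_NONE else None
    token = {"Username": username}
    if created is not None:
        token["Created"] = created
    if nonce is not None:
        token["Nonce"] = base64.b64encode(nonce).decode()
    if password_option == PASSWORD_TEXT:
        token["PasswordText"] = password          # readable by anyone who sees the token
    elif password_option == PASSWORD_DIGEST:
        token["PasswordDigest"] = _password_digest(nonce or b"", created or "", password)
    elif password_option != PASSWORD_NONE:
        raise ValueError("unsupported username.password.options value: %r" % password_option)
    return token


class UsernameTokenValidator:
    """Partner-side checks; `users` is a hypothetical in-memory registry, not the appliance's."""

    def __init__(self, users, validate_freshness=None, freshness_limit=300,
                 skip_password_validation=False):
        self.users = users
        self.freshness_limit = freshness_limit
        # username.validate.freshness unset: decide from whether freshness.limit is -1.
        if validate_freshness is None:
            validate_freshness = freshness_limit != -1
        self.validate_freshness = validate_freshness
        self.skip_password_validation = skip_password_validation
        self._seen_nonces = set()   # replay cache; entries may be dropped after freshness_limit

    def validate(self, token, now=None):
        """Return (accepted, reason)."""
        now = now or datetime.now(timezone.utc)
        created = token.get("Created")
        if self.validate_freshness and self.freshness_limit != -1:
            if created is None:
                return False, "no Created element to check freshness against"
            issued = datetime.strptime(created, TIME_FMT).replace(tzinfo=timezone.utc)
            if now - issued > timedelta(seconds=self.freshness_limit):
                return False, "token older than username.freshness.limit"
        if self.skip_password_validation:
            return True, "accepted without password check (username.skip.password.validation=true)"
        password = self.users.get(token.get("Username"))
        if password is None:
            return False, "unknown user"
        if "PasswordText" in token:
            ok = hmac.compare_digest(token["PasswordText"].encode(), password.encode())
        elif "PasswordDigest" in token:
            nonce_b64 = token.get("Nonce")
            nonce = base64.b64decode(nonce_b64) if nonce_b64 else b""
            expected = _password_digest(nonce, created or "", password)
            ok = hmac.compare_digest(token["PasswordDigest"].encode(), expected.encode())
            if ok and nonce_b64:
                if nonce_b64 in self._seen_nonces:
                    return False, "nonce already seen: replayed token"
                self._seen_nonces.add(nonce_b64)
        else:
            return False, "no password element and validation not skipped"
        return (True, "password verified") if ok else (False, "password mismatch")
```

Two points the table states only implicitly fall out of running this: a digest token issued without a timestamp cannot pass a freshness check at all, so the partner must either turn username.validate.freshness off or the issuer must keep username.add.timestamp on; and a freshness limit of -1 leaves nonce tracking as the only defence against replay, which is why the cache above is keyed on the nonce rather than the whole token. Clock skew between issuer and partner eats into the 300-second default, so keep both clocks synchronised rather than widening the limit.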
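The LDAP validator properties (username.ldap.base.dn, username.ldap.search.filter, username.ldap.user.id.attribute) describe a user lookup whose one untrusted input is the username taken from the token. The example below is added here and is not the appliance's lookup code; it goes beyond the table by modelling the search against a constructed in-memory directory with a minimal filter evaluator, so that the effect of substituting the username into the filter unescaped can be observed. The assumption that the validator ANDs the configured filter with an equality clause on the user ID attribute, the entries in DIRECTORY, and the (|...) form of SEARCH_FILTER are all constructed for the example.

```python
import re

# Constructed directory standing in for the LDAP user registry (not real data).
DIRECTORY = [
    {"dn": "uid=alice,ou=people,o=ibm,c=us", "objectclass": ["top", "Person", "ePerson"], "uid": "alice"},
    {"dn": "uid=bob,ou=people,o=ibm,c=us", "objectclass": ["top", "Person"], "uid": "bob"},
    {"dn": "cn=svc-sts,ou=services,o=ibm,c=us", "objectclass": ["top", "applicationProcess"], "cn": "svc-sts"},
    {"dn": "uid=alice,ou=people,o=example,c=us", "objectclass": ["top", "Person"], "uid": "alice"},
]
# Assumed values for the three username.ldap.* properties the lookup uses.
BASE_DN = "o=ibm,c=us"
SEARCH_FILTER = "(|(objectClass=ePerson)(objectClass=Person))"
USER_ID_ATTRIBUTE = "uid"


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515 section 3)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def _parse(flt, i=0):
    """Tiny recursive-descent parser for &, |, ! and attr=value filter items."""
    if flt[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if flt[i] in "&|":
        op, i, kids = flt[i], i + 1, []
        while flt[i] == "(":
            node, i = _parse(flt, i)
            kids.append(node)
        if flt[i] != ")":
            raise ValueError("expected ')' at %d" % i)
        return (op, kids), i + 1
    if flt[i] == "!":
        node, i = _parse(flt, i + 1)
        if flt[i] != ")":
            raise ValueError("expected ')' at %d" % i)
        return ("!", [node]), i + 1
    eq = flt.index("=", i)
    end = flt.index(")", eq)
    return ("=", flt[i:eq], flt[eq + 1:end]), end + 1


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _match(node, entry):
    if node[0] == "&":
        return all(_match(k, entry) for k in node[1])
    if node[0] == "|":
        return any(_match(k, entry) for k in node[1])
    if node[0] == "!":
        return not _match(node[1][0], entry)
    _, attr, value = node
    # An unescaped '*' is a wildcard; escaped characters become literals after decoding.
    pattern = ".*".join(re.escape(_unescape(part)) for part in value.split("*"))
    values = entry.get(attr.lower(), [])
    values = [values] if isinstance(values, str) else values
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in values)


def search_users(directory, base_dn, search_filter, user_id_attribute, username, escape=True):
    """Return the DNs matching the configured filter ANDed with (user_id_attribute=username).

    escape=False shows what happens when the token's username is substituted verbatim.
    """
    name = ldap_escape(username) if escape else username
    flt = "(&%s(%s=%s))" % (search_filter, user_id_attribute, name)
    tree, end = _parse(flt)
    if end != len(flt):
        raise ValueError("trailing characters in filter: %r" % flt[end:])
    return [e["dn"] for e in directory
            if e["dn"].lower().endswith("," + base_dn.lower()) and _match(tree, e)]


def find_unique_user(directory, base_dn, search_filter, user_id_attribute, username):
    """The user ID attribute must identify exactly one user; zero or several is a failure."""
    hits = search_users(directory, base_dn, search_filter, user_id_attribute, username)
    if len(hits) != 1:
        raise LookupError("expected exactly one user, found %d" % len(hits))
    return hits[0]
```

With the username escaped, a value such as * or alice)(uid=bob is matched literally and finds nothing; substituted verbatim, * matches every entry under the base DN that satisfies the configured filter. The "must uniquely identify a user" requirement on username.ldap.user.id.attribute is enforced by find_unique_user refusing anything other than exactly one hit, which also stops a wildcard or an ambiguous attribute from silently selecting the first entry returned.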