Configuring an external SSO connection


You use Access Manager to configure an SSO connection with an external system.

To configure an external SSO connection

  1. In the Access Manager application, select the Configure SSO tab, and then click Add.

    Access Manager specifies the Type as LDAP. This information is populated directly from the application and cannot be changed.

    The ProviderInfo displays provider details populated directly from the provider. This information cannot be changed.

  2. Enter the connection configuration parameters described in the following table; then click Save.

    Note

    The only attributes that are required to save a minimal configuration are Name, ConnectionURL, and ContextFactory.

    SSO connection configuration parameters

SSO parameter

Description

Name

(required) The descriptive name for the provider.

Description

(optional) description for the provider connection.

AlternateURL

Specifies a URL to be used as a connection option if a connection cannot be established with the primary URL.

AuthenticationType

Specifies the authentication type used when binding to the directory:
None
Simple
Strong
Java Naming and Directory Interface (JNDI) provider-specific definition

If you leave this parameter blank, the system uses the provider's default authentication type. Choose None only if the directory permits anonymous reads of the user and role entries; Simple sends the ConnectionPassword in clear text unless the connection itself is protected (for example, an ldaps:// ConnectionURL).

ConnectionName

Specifies the user name (typically a distinguished name) to bind with when establishing a connection to the directory for LDAP operations. This account only needs to read user and role entries; do not use an administrative account.
You can leave this parameter blank, provided that ConnectionPassword is also blank, in which case the connection is anonymous.

ConnectionPassword

The password associated with ConnectionName, used together with it when binding to the directory. Leave it blank only if ConnectionName is also blank.

ConnectionURL

(required) The connection URL passed to the JNDI driver when establishing a connection to the directory.

ContextFactory

(required) The fully qualified Java class name of the JNDI context factory to be used for this connection. By default, the standard JNDI LDAP provider context factory populates this field.

DereferenceAliases

Controls how the provider dereferences LDAP aliases during a search:
Always
Never
Finding
Searching

If this parameter is not set, the provider's default is used.

Digest

Specifies the digest algorithm applied to the plain text password before it is compared with the value retrieved from the directory. Valid values are the algorithm names accepted by java.security.MessageDigest. This parameter is needed only when UserPassword is configured; it compares against a stored, unsalted digest, whereas leaving UserPassword unset lets the directory itself verify the password through a bind.

DigestEncoding

Character coding used for message digests. The default is UTF-8.

Protocol

Specifies the protocol to use. If left blank, the provider's default is used.

Referrals

Specifies how the provider processes referrals:

Follow
Ignore
Throw

If a value is not specified, the JNDI provider's default applies.

RoleBase

Identifies the base directory entry for performing role searches.

RoleName

Identifies the attribute containing role names in the directory entries found during a role search.

RoleSearch

The LDAP filter expression used for performing role searches. This parameter follows the syntax supported by java.text.MessageFormat.

Note

If this parameter is not specified, a role search does not occur. Roles are taken only from the attribute in the entry specified by the UserRoleName attribute.

RoleSubtree

Searches the entire subtree of the element specified in the RoleBase parameter for role entries associated with the user. By default, the top level is searched.

UserBase

Specifies the base element for user searches performed using the UserSearch expression. Not used if you are using the UserPattern expression for user searches.

UserPassword

The attribute in the user's entry that contains the user's password. If this value is not set, the provider attempts a simple bind to the directory using the distinguished name (DN) of the user's entry and password specified by the user. The system interprets a successful bind as an authenticated user.

UserPattern

Identifies a pattern for the user's directory entry distinguished name (DN). This value follows the syntax supported by java.text.MessageFormat, with {0} marking where the actual user name is inserted. Use this parameter in place of UserSearch, UserSubtree, and UserBase when the DN contains the user name and is otherwise the same for all users.

UserRoleName

The attribute in the user's directory entry containing values for the roles assigned to this user. If this value is not specified, all the roles for a user derive from the role search.

UserSearch

The LDAP filter expression to use when searching for a user's directory entry.

UserSubtree

By default, the top level of the subtree of the element specified by the UserBase attribute is searched for the user's entry. Select this box to search the entire subtree. This parameter is not used if you use the UserPattern expression.
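The parameters above map almost one-to-one onto a JNDI directory context, and seeing that mapping in code makes the interplay between them (UserSearch versus UserPattern, UserPassword unset versus Digest, RoleSearch versus UserRoleName) concrete. The following Java class is an added example written for this page; it is not Access Manager's own code. Every DN, host name, attribute name and credential in it is a placeholder for a hypothetical directory, and two conventions are assumptions of the example rather than statements from the page: that {0} in RoleSearch stands for the authenticated user's DN, and that a Digest-protected UserPassword attribute holds the lower-case hexadecimal digest.

```java
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Added example, not Access Manager code. All values are placeholders for a hypothetical
// directory; the constant names mirror the SSO parameters in the table above.
public class SsoLdapExample {
    static final String CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    static final String CONNECTION_URL = "ldaps://ldap.example.com:636";
    static final String CONNECTION_NAME = "cn=sso-reader,ou=service,dc=example,dc=com";
    static final String CONNECTION_PASSWORD = "change-me";
    static final String USER_BASE = "ou=people,dc=example,dc=com";
    static final String USER_SEARCH = "(uid={0})";
    static final boolean USER_SUBTREE = true;
    static final String USER_PASSWORD = null;         // unset: authenticate by binding as the user
    static final String DIGEST = "SHA-256";           // consulted only when USER_PASSWORD is set
    static final String DIGEST_ENCODING = "UTF-8";
    static final String ROLE_BASE = "ou=groups,dc=example,dc=com";
    static final String ROLE_SEARCH = "(member={0})"; // {0} = user's DN (assumed convention)
    static final String ROLE_NAME = "cn";
    static final boolean ROLE_SUBTREE = true;

    // ContextFactory, ConnectionURL, AuthenticationType, ConnectionName/Password, Referrals and
    // DereferenceAliases are simply entries of the JNDI environment the context is opened with.
    static Hashtable<String, String> env(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, CONTEXT_FACTORY);
        env.put(Context.PROVIDER_URL, CONNECTION_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put(Context.REFERRAL, "follow");
        env.put("java.naming.ldap.derefAliases", "never");
        return env;
    }

    // RFC 4515 escaping for anything substituted into a filter. The user name is attacker
    // controlled; "*" or ")(uid=admin" pasted raw into "(uid={0})" rewrites the query.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    static SearchControls controls(boolean subtree, String... attrs) {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(subtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        sc.setReturningAttributes(attrs); // empty array: return no attributes, only the DN
        return sc;
    }

    // UserSearch under UserBase (UserSubtree sets the scope), then either a bind as the found
    // DN (UserPassword unset) or a Digest comparison against the stored attribute. Returns the
    // user's DN on success, null on failure.
    static String authenticate(String username, String password) throws Exception {
        // An empty password turns a simple bind into an anonymous bind, which "succeeds".
        if (password == null || password.isEmpty()) return null;
        DirContext ctx = new InitialDirContext(env(CONNECTION_NAME, CONNECTION_PASSWORD));
        try {
            String filter = MessageFormat.format(USER_SEARCH, escapeFilterValue(username));
            String[] attrs = USER_PASSWORD == null ? new String[0] : new String[] { USER_PASSWORD };
            NamingEnumeration<SearchResult> hits = ctx.search(USER_BASE, filter, controls(USER_SUBTREE, attrs));
            if (!hits.hasMore()) return null;
            SearchResult user = hits.next();
            if (hits.hasMore()) return null; // ambiguous match: refuse rather than pick one
            String dn = user.getNameInNamespace();
            if (USER_PASSWORD == null) {
                try { new InitialDirContext(env(dn, password)).close(); return dn; }
                catch (NamingException e) { return null; }
            }
            Attribute stored = user.getAttributes().get(USER_PASSWORD);
            if (stored == null) return null;
            Charset cs = Charset.forName(DIGEST_ENCODING);
            byte[] raw = MessageDigest.getInstance(DIGEST).digest(password.getBytes(cs));
            StringBuilder hex = new StringBuilder();
            for (byte b : raw) hex.append(String.format("%02x", b));
            byte[] expected = stored.get().toString().toLowerCase().getBytes(cs);
            return MessageDigest.isEqual(expected, hex.toString().getBytes(cs)) ? dn : null; // constant time
        } finally {
            ctx.close();
        }
    }

    // RoleSearch under RoleBase, collecting RoleName from each hit. A UserRoleName attribute on
    // the user entry would be read directly from that entry and merged with this list.
    static List<String> roles(String dn) throws Exception {
        List<String> roles = new ArrayList<>();
        DirContext ctx = new InitialDirContext(env(CONNECTION_NAME, CONNECTION_PASSWORD));
        try {
            String filter = MessageFormat.format(ROLE_SEARCH, escapeFilterValue(dn));
            NamingEnumeration<SearchResult> hits = ctx.search(ROLE_BASE, filter, controls(ROLE_SUBTREE, ROLE_NAME));
            while (hits.hasMore()) {
                Attribute a = hits.next().getAttributes().get(ROLE_NAME);
                if (a != null) roles.add(a.get().toString());
            }
        } finally {
            ctx.close();
        }
        return roles;
    }

    public static void main(String[] args) throws Exception {
        String dn = authenticate(args[0], args[1]);
        System.out.println(dn == null ? "authentication failed" : "authenticated " + dn + " roles=" + roles(dn));
    }
}
```

Two details in the example are the ones worth carrying over to any real deployment. The user name is escaped before it is substituted for {0}, because a filter built from a raw user name is an LDAP injection point, and the same applies to a UserPattern DN. The empty-password check exists because an LDAP simple bind with a DN and an empty password is treated as an anonymous (unauthenticated) bind by most directories and does not fail; a UserPassword-unset configuration that accepts "successful bind" as "authenticated user" must reject empty passwords before binding.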

Related topics

Sample-external-SSO-connection-configurations
Changing-or-deleting-an-external-SSO-connection-configuration
