Setting an Authentication Level for Kerberos in ISAM

Tying an authentication mechanism to an authentication level can be very useful when writing security policy in ISAM. For example you might want a password based authentication (Such as Basic Auth or Forms Auth) to map to level 1, whilst you might hold a federated identity, or something achieved through another EAI to have a higher authentication level – 2.

Within the Webseal configuration file however, there is no mention of Kerberos as an acceptable authentication type:

[authentication-levels]
#----------------------
# STEP UP
#----------------------
# authentication levels
#
# Syntax:
# level = <method-name>
#
# Valid method names are:
# unauthenticated
# password
# token-card
# ssl
# ext-auth-interface
# ltpa

The good news is that whilst the list doesn’t show Kerberos, it’s still possible to set it. just use the text:

level = kerberosv5

And you’re on your way!

Screen Shot 2015-12-17 at 2.15.01 PM

 

Comments are closed.

WordPress.com.

Up ↑

%d bloggers like this: