Setting an Authentication Level for Kerberos in ISAM

Tying an authentication mechanism to an authentication level can be very useful when writing security policy in ISAM. For example you might want a password based authentication (Such as Basic Auth or Forms Auth) to map to level 1, whilst you might hold a federated identity, or something achieved through another EAI to have a higher authentication level – 2.

Within the Webseal configuration file however, there is no mention of Kerberos as an acceptable authentication type:

[authentication-levels]
#----------------------
# STEP UP
#----------------------
# authentication levels
#
# Syntax:
# level = <method-name>
#
# Valid method names are:
# unauthenticated
# password
# token-card
# ssl
# ext-auth-interface
# ltpa

The good news is that whilst the list doesn’t show Kerberos, it’s still possible to set it. just use the text:

level = kerberosv5

And you’re on your way!

Screen Shot 2015-12-17 at 2.15.01 PM

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

WordPress.com.

Up ↑

%d bloggers like this: