Risk-Based Authentication Login Module Options
You need the RBALoginModule for two-factor authentication cases without OTP authentication, when a user authenticates with a client certificate and a password instead of a passcode for example.
|
Name |
Value |
Description |
|---|---|---|
|
tfa.first.factor.login.module or tfa.second.factor.login.module |
BasicPasswordLoginModule |
The value of the this option defines the first or the second factor of authentication. For more information about basic authentication, see Basic Authentication (User ID and Password) |
|
ClientCertLoginModule |
When you log on with a certificate, the value of the option has to be ClientCertLoginModule. For more information about certificate authentication, see X.509 Client Certificates. |
|
|
SPNegoLoginModule |
When you log on with a Kerberos token, the value of the option has to be SPNegoLoginModule. For more information about Kerberos authentication, see Using Kerberos Authentication |
|
|
<name of third-party login module> |
You can use a third-party login module as a factor for OTP authentication. For more information, see Integrating Third-Party Login Modules |
|
| policy |
<name of policy> |
This option is used for otp&pwd mode only, and its value must match with the name of the policy script created in the Policy Script Administration Console at http(s)://<host>:<port>/ssoadmin/scripts. For more information, see Working with Policy Scripts |
|
<login module>.<login module option> |
<value of login module option> |
You can use all options from of the login modules used. You can define a user mapping for basic password login module for example with the option BasicPasswordLoginModule.UserMappingMode. More Information: |
|
log.http.headers |
<string> Note
If you specify multiple headers, define them in a comma separated list. |
Specifies which headers are used and shown in the logs. One or a combination of the following headers is used by default: Host, Referer, User-agent, Accept, Accept-Language, Connection, Cookie |