...
The new authentication method needs to be added to Ubisecure SSO. Open Ubisecure Management with administrative privileges and navigate to Home→ Methods → Global Method Settings. The new authentication method should be added there:
|
|---|
Add configuration string parameters:
| Code Block | ||||
|---|---|---|---|---|
| ||||
policy.password.encoding=SSHA policy.lockout.threshold=5 policy.password.duration=20 policy.password.expiring=36000 policy.password.max-age=43200 policy.password.min-age=30 policy.password.history=5 policy.password.length=8 policy.password.complexity=true policy.password.charset=utf-8 |
| Configuration | Description |
|---|---|
policy.password.encoding |
...
The password encoding algorithm. Default value is SSHA. OPTIONAL. Supported values: SSHA512, SHA512, SSHA384, SHA384, SSHA256, SHA256, SSHA, SHA, PKCS5S2, PBKDF2, MD4, PLAIN | |
| Settings controlling password threat management: | |
|---|---|
policy.lockout.threshold | |
...
| The number of tries the user can try to enter the wrong password before the account is locked. The default value is 5 tries. OPTIONAL. | |
policy.lockout.duration |
...
| The duration of account locking after too many bad tries in minutes. The default value is 20 minutes. Usually, a longer lockout duration is not recommended. OPTIONAL. | |
| Settings controlling password renewal: | |
|---|---|
policy.password.expiring | |
...
| If user's password is older than this he/she is given a chance to change the password. Setting value is in minutes. OPTIONAL. | |
policy.password.max-age |
...
| A maximum age for external directory password. User is forced to change password if his/her password is older than this. Setting value is in minutes. OPTIONAL. | |
policy.password.min-age |
...
| The external directory password cannot be changed again before password minimum age has passed. Setting value is in minutes. OPTIONAL. | |
policy.password.history |
...
| How many previous passwords the system remembers. The user can not change his/her password back to a previous one. OPTIONAL. | |
| Settings controlling password strength: | |
|---|---|
policy.password.length | |
...
| A minimum length for the new password. Setting value is a non negative number of characters. OPTIONAL. | |
policy.password.complexity |
...
| If set to true, the user password has to have at least three of the possible character types: letters, capital letters, numbers, and other characters. OPTIONAL. | |
policy.password.charset |
...
| Allowed password characters and character set used with password encoding. Use either ASCII or UTF-8, default is UTF-8. OPTIONAL. |
Finishing the Installation of Authentication Method and driver
...
After you have updated Ubisecure Server, check from the diagnostics log that the added authentication methods have started properly. The uas3_diag.yyyy-mm-dd.log file is found in the ubilogin-sso/ubilogin/logs directory.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
2010-05-25 09:31:28,332 tech INFO SQLDirectory: directory-spi-sql Microsoft SQL Server 9.00.4053 2010-05-25 09:31:28,332 init INFO password.sql.1: ubilogin.method.provider.spi.DirectoryPasswordMethod: started |
Then you can use the Ubisecure Server Management application to enable the SQL specific authentication methods in a Web Agent Application and test the authentication using credentials found in the SQL database.