...

Methods (Server) (Home → Global Method Settings) represent the authentication methods of Ubisecure SSO. This view differs from the methods views in sites and is only available for the System Administrator. Site Managers have no access to this Global Method settings configuration view.

The global method settings view (Figure 1) lists all of the Ubisecure SSO authentication methods that are currently installed in Ubisecure SSO.

• Update
  By selecting the authentication method check box and clicking Update System Administrator can enable or disable the selected methods in Ubisecure SSO.
• New Method…
  By clicking the New Method… button System Administrator can add new authentication methods to the system.
• Authentication Method
  By clicking each type of authentication method the System Administrator can configure the selected authentication method. The configuration view consists of the following sub menus: Main, \[authentication method type\], Mappings, Sites, AgentsApplications, Groups

There are different types of authentication methods that Ubisecure SSO supports out-of-the-box:

...

Please refer to additional method installation guides for specific configuration instructions.

Main view

• Title
  The title of the authentication method is visible for end-users in the login pages and for administrators in the Ubisecure SSO Management application.
• Name
  The name of the authentication method is provided by the Web Agent Application to the web servers and web applications.
• Type
  This contains the technical type of the authentication method. This value will change depending on the integration technique used. Read-only value.
• Class
  This contains the java class of the authentication method. This value will change depending on the integration technique used. Read-only value. Used particularly for identifying custom authentication methods.
• Directory
  The directory that the authentication method uses. Directory can be set and changed only through the directory configuration, see Selecting directory for an authentication method.

...

• Enabled
  Enable or disable the authentication method in Ubisecure SSO.
• Hidden
  Hide this authentication method. The authentication method is never visible in the authentication method selection menu. The method can only be selected when requested by a Web AgentApplication.

• Limit Method Visibility
  Set the visibility for this authentication method by a list of network addresses separated by a space character ' '. The method is visible in the menu only if the client's network address is within any of the defined networks. If this field is empty, the method is visible to users from all network addresses. Example: 

  Code Block
  language text theme RDark
  192.168.1.0/255.255.255.0 10.1.1.0/255.255.255.0

  → The method is visible only if the client's network address is in either of the two private networks
  Some authentication method types such as Password, OTP Printout and Mobile Phone have also the following configuration fields for Account Lockout Policy.

  
  

...

• Method Attribute Mapping Table
  Name of a method attribute mapping table assigned to the method. Attribute mapping table may be accessed by clicking the name. If an attribute mapping table is assigned to the method, only the mapped attributes are available for authorization policies and web applications. If no attribute mapping table is assigned, all method attributes are available.
• Directory User Mapping Table
  Name of a directory user mapping table assigned to the method. Directory user mapping table may be accessed by clicking the name.
• SOSO Configuration
  Name of a SOSO configuration assigned to the method. SOSO configuration may be accessed by clicking the name.

Sites View

...

• Remove
  Select the Sites' check box and click Remove to remove this authentication from the selected Ubisecure Sites

...

Applications View

The Agents Applications view gives you a list of the Ubisecure Agents Applications where the selected authentication method is in use.

• Remove
  Select the AgentsApplications' check box and click Remove to remove this authentication from the selected Ubisecure AgentsApplications

Groups View

...

The Password authentication method validates users against the current system's Ubisecure Directory . Ubisecure SSO maintains the password expiry and lockout policy based on the Lockout Threshold and Lockout Duration settings in the Main tab.

...

The Authentication Provider authentication method type is used for configuring the Windows Single Sign-On authentication method, which uses Windows Authentication Provider software component.
The configuration window for Authentication Provider type authentication method is presented in Figure 7.

...

The configuration window for Mobile phone type of authentication method is presented below.

...

The configuration window for Mobile phone unregistered type of authentication method is presented below. Configuration parameters in the bottom of the page.

...

The configuration window for SMTP unregistered type of authentication method is presented below. Configuration parameters in the bottom of the page.

...

The configuration window for Ubisecure OTP Printout authentication method is presented below.

...

The configuration window for Tupas 2 type of authentication method is presented below.

...

The configuration window for OpenID Relying Party type of authentication method is presented below.

...

The configuration window for Discovery Services is presented below. Configuration is made in the Configuration String setting. Both external SAML Discovery Services (also known as Where Are You From or WAYF services) and Common Domain Cookie discovery are supported. Service Discovery is part of Ubisecure Trust.

Using an External Discovery service, the end user selects their desired Identity Provider using a third-party service. Federation networks such as Haka, Virtu and e-Legitimation offer external discovery services.

Using Common Domain Cookie discovery, the system can silently detect if the user has an existing session at a trusted third-party IDP and if so, forward authentication requests there.

Please refer to the pages

• Trust Installation Appendix - External Discovery
• Trust Installation Appendix - Common Domain Cookie Discovery

for instructions on installing and configuring the Discovery Services methods.

...

The SAML method permits configuration of a SAML Service Provider in an SAML Identity Provider Proxy configuration. The SAML Method permits an identity from a third-party system to be used on the local system. The SAML Method when used for federation a third-party system is part of the Ubisecure Trust product.
The configuration window for the SAML method type is presented below.

Please refer to the page SSO Installation Appendix - SAML IDP Proxy for instructions on installing and configuring the SAML methods. Users will access Web Agents Applications configured on this Ubisecure SSO by logging in to a third-party IDP Server first.

The opposite direction, in other words, adding a SAML Service Provider Agent Application to this Ubisecure SSO, is described in page Manage AgentsApplications.

OAuth 2.0

The OAuth 2.0 method permits configuration to Ubisecure SSO to act as a OAuth 2.0 Client in a OAuth 2.0 based use case configuration, eg to to enable external authentication based on authentication of users by certain social media services.

The The Ubisecure OAuth 2.0 Client is currently implemented specifically to enable authentication for users of certain social media services and the protocols are implemented from this standpoint. For more information please refer to the OAuth2 pages

...