...
- Update
By selecting the authentication method check box and clicking Update System Administrator can enable or disable the selected methods in Ubisecure SSO. - New Method…
By clicking the New Method… button System Administrator can add new authentication methods to the system. - Authentication Method
By clicking each type of authentication method the System Administrator can configure the selected authentication method. The configuration view consists of the following sub menus: Main, \ [authentication method type\], Mappings, Sites, Applications, Groups
...
- SAML 2 Class Reference
Defines the URI of the authentication method class.
This field is optional. Some federation networks or third-party products may require a value. It is used in the SAML protocol messages to refer a group of authentication methods that share similar properties. This value is not unique to each authentication method – the same value may be assigned to many similar methods.This value is used in response messages to set the AuthnContextClassRef value of the AuthnContext element of the AuthStatement. Authentication Context Classes are defined in Section 4.3 of the Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0 http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdfThis value is also used to determine which methods satisfy a requested authentication context class (RequestedAuthnContext) in an incoming AuthnRequest. This is used to determine which method or methods will be available to the user for login.
Typical class references used includeCode Block language text theme RDark urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorUnregistered urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport urn:oasis:names:tc:SAML:2.0:ac:classes:X509 urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
Selection of the appropriate class reference depends on many configuration factors and deployment profile guidelines.
...
- Enabled
Enable or disable the authentication method in Ubisecure SSO. - Hidden
Hide this authentication method. The authentication method is never visible in the authentication method selection menu. The method can only be selected when requested by a Web Application. Limit Method Visibility
Set the visibility for this authentication method by a list of network addresses separated by a space character ' '. The method is visible in the menu only if the client's network address is within any of the defined networks. If this field is empty, the method is visible to users from all network addresses. Example:Code Block language text theme RDark 192.168.1.0/255.255.255.0 10.1.1.0/255.255.255.0
→ The method is visible only if the client's network address is in either of the two private networks
Some authentication method types such as Password, OTP Printout and Mobile Phone have also the following configuration fields for Account Lockout Policy.
...
- Remove
Select the Applications' check box and click Remove to remove this authentication from the selected Ubisecure Applications
...
- Remove
Select the Groups' check box and click Remove to remove this authentication from the selected Ubisecure Groups
...