level

Syntax

level = method-name

Description

Step-up authentication levels. WebSEAL enables authenticated users to increase the authentication level by use of step-up authentication. This key=value pair specifies which step-up authentication levels are supported by this WebSEAL server.

Do not specify an authentication level unless the authentication method is enabled. For example, you must enable either basic authentication or forms authentication before you set level = password.

Enter a separate key=value pair for each supported level. Supported levels include:

ext-auth-interface
ltpa
oidc
password
ssl
unauthenticated

The position of the entry in the file dictates the associated authentication level. The first row, typically unauthenticated, is associated with authentication level of 0. Each subsequent line is associated with the next higher level. You can add multiple entries for the same method.

It is possible for the method to set the authentication level itself. For example, an External Authentication Interface (EAI) implementation might set either authentication level of 2 or 3 depending on the authentication transaction that the client undertakes.

The EAI can set this authentication level directly in the identity attributes returned to WebSEAL. To support this implementation, you can create two identical lines in positions 3 and 4. For example:

level = unauthenticated 		(associated with level 0)
level = password 						(associated with level 1)
level = ext-auth-interface	(associated with level 2)
level = ext-auth-interface  (associated with level 3)

Options

method-name: Name of authentication method.

Usage

This stanza entry is required.

Default value

unauthenticated

password

Example

level = unauthenticated
level = password