Authentication Context Class

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

An Authentication Context Class specifies a set of authentication requirements that must be met before access to a resource (e.g. OAuth2 Scope) may be granted.

Relations from This Component

The following components have a direct aggregation relation from Authentication Context Classes:

Relations to This Component

The following components have a direct aggregation relation to Authentication Context Classes:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
     description
     name
     login-authentication-chain
     second-factor-authentication-chain
     login-expiration-interval
     second-factor-expiration-interval

Advanced Properties:
     None

Basic Properties

description

Description
A description for this Authentication Context Class.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

name (Read-Only)

Description
The name of the Authentication Context Class.
Default Value
None
Allowed Values
An Authentication Context Class name may not contain spaces.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

login-authentication-chain

Description
Specifies the login authentication chain that should be used to satisfy this Authentication Context Class.
Default Value
If not specified, the Authentication Service specifies the default value.
Allowed Values
The DN of any Authentication Chain.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

second-factor-authentication-chain

Description
Specifies the second-factor authentication chain that should be used to satisfy this Authentication Context Class.
Default Value
If not specified and second-factor-expiration-interval is set, the default second-factor authentication chain will be used.
Allowed Values
The DN of any Authentication Chain.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

login-expiration-interval

Description
The length of time since the last login before the user is required to log in again.
Default Value
If not set, then the user is not required to log in again as long as their session is still valid.
Allowed Values
A duration. Lower limit is 1 second.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

second-factor-expiration-interval

Description
If set, the user will be prompted for second-factor authentication at this interval.
Default Value
If neither this property nor the second-factor-authentication-chain property is set, then second-factor authentication is not required by this Authentication Context Class.
Allowed Values
A duration. Lower limit is 1 second.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action
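
The sketch below is an added example, not product code: it models how the properties above combine to decide which authentication steps a still-valid session owes. Assumptions: intervals are given in seconds, the expiry boundary is inclusive, and a second-factor chain set without an interval means one second factor per session (the page does not describe that case).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class AuthContextClass:
    """Mirrors the documented properties; intervals in seconds, None = not set."""
    name: str
    login_authentication_chain: Optional[str] = None
    second_factor_authentication_chain: Optional[str] = None
    login_expiration_interval: Optional[int] = None
    second_factor_expiration_interval: Optional[int] = None

    def __post_init__(self):
        if " " in self.name:
            raise ValueError("name may not contain spaces")
        for prop in ("login_expiration_interval", "second_factor_expiration_interval"):
            value = getattr(self, prop)
            if value is not None and value < 1:
                raise ValueError(f"{prop}: lower limit is 1 second")

    def second_factor_required(self) -> bool:
        # Documented rule: not required only when neither property is set.
        return (self.second_factor_authentication_chain is not None
                or self.second_factor_expiration_interval is not None)

def _expired(now, last, interval):
    # Unset login interval: no re-login while the session is valid (documented).
    # Unset second-factor interval: same treatment, which is an assumption.
    # The inclusive boundary (>=) is also an assumption.
    return interval is not None and now - last >= interval

def required_steps(acc, now, last_login=None, last_second_factor=None):
    """Steps a still-valid session owes; timestamps are epoch seconds, None = never done."""
    steps = []
    if last_login is None or _expired(now, last_login, acc.login_expiration_interval):
        steps.append("login")
    if acc.second_factor_required() and (
            last_second_factor is None
            or _expired(now, last_second_factor, acc.second_factor_expiration_interval)):
        steps.append("second-factor")
    return steps
```

A class that sets only second-factor-expiration-interval still requires a second factor, because the default second-factor chain then applies.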


dsconfig Usage

To list the configured Authentication Context Classes:

dsconfig list-authentication-context-classes
     [--property {propertyName}] ...

To view the configuration for an existing Authentication Context Class:

dsconfig get-authentication-context-class-prop
     --class-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Authentication Context Class:

dsconfig set-authentication-context-class-prop
     --class-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Authentication Context Class:

dsconfig create-authentication-context-class
     --class-name {name}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Authentication Context Class:

dsconfig delete-authentication-context-class
     --class-name {name}