3.14 Optional Properties

The Access Manager Advanced Authentication plug-in supports the following optional properties (KEY/Value) for authentication methods:

  • REPONAME: the name of the repository that is used for Advanced Authentication. This parameter may not be used if a default repo is already selected in the Login options policy of the Advanced Authentication server appliance.

  • CONFIGFILE: path to the configuration file. This parameter is used only if the configuration file is in a different location. The default configuration file location for NAM AA plug-in v2.0.49 and later is /etc/aaplugin/config.xml.

  • RECHECKTIMEOUT: timeout parameter that is used to prevent loops. The default value is 300 seconds. The minimum recommended value for:

    • Email method is 120 seconds

    • FIDO U2F method is 30 seconds

    • HOTP method is 30 seconds

    • RADIUS method is 30 seconds

    • Security Question method is 30 seconds

    • Smartcard method is 30 seconds

    • Smartphone method is 60 seconds

    • SMS method is 30 seconds

    • TOTP method is 30 seconds

    • Voicecall method is 30-60 seconds

  • ERRORJSP: name of the JSP page (without .jsp) that shows information about an error. It is used only for critical errors and failures related to the authentication process (e.g. the method is not enrolled). The default file is PluginErrorPage.jsp, located in /opt/novell/nids/lib/webapp/jsp (Linux) or $INSTALL_PATH\Tomcat\webapps\nidp\jsp (Windows).

  • LDAPJSP: name of the LDAP authentication page (without .jsp). This parameter is used for customization and allows changing the LDAP login page for each method. The default file is LdapAuth.jsp, located in /opt/novell/nids/lib/webapp/jsp (Linux) or $INSTALL_PATH\Tomcat\webapps\nidp\jsp (Windows).

  • METHODJSP: name of the method page (without .jsp). This parameter is used for customization and allows changing the page for each method. The default file is <MethodName>Auth.jsp, located in /opt/novell/nids/lib/webapp/jsp (Linux) or $INSTALL_PATH\Tomcat\webapps\nidp\jsp (Windows).

  • LDAPSYNCJSP: name of the page for LDAP password synchronization (without .jsp). The default file is LDAPSyncPage.jsp, located in /opt/novell/nids/lib/webapp/jsp (Linux) or $INSTALL_PATH\Tomcat\webapps\nidp\jsp (Windows).

  • PWDMAXLENGTH: parameter that restricts the maximum length of the password. The default value is 100 characters. This parameter can be used only for YubiKey tokens.

  • ENROLLURL: URL to Advanced Authentication Self-Service Portal. The default value is https://<NetIQAdvancedAuthenticationFramework_server_address>:<server_port>/account.

IMPORTANT: Parameters ERRORJSP, LDAPJSP, METHODJSP, LDAPSYNCHJSP and ENROLLURL are available starting from Advanced Authentication v5.2, NAM AA plug-in v2.0.76.
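
The following is an added example, not part of the product or its documentation: a small pre-deployment check that reviews one method's optional properties against the rules listed in this section. The function name, the dict representation of the KEY/Value pairs, the method labels and the sample values are assumptions of the example.

```python
from urllib.parse import urlsplit

# Minimum recommended RECHECKTIMEOUT in seconds, copied from the list above.
# Voicecall is documented as 30-60; this example uses the lower bound.
MIN_RECHECK = {
    "Email": 120, "FIDO U2F": 30, "HOTP": 30, "RADIUS": 30,
    "Security Question": 30, "Smartcard": 30, "Smartphone": 60,
    "SMS": 30, "TOTP": 30, "Voicecall": 30,
}

def lint_properties(method, props):
    """Return findings for one method's optional KEY/Value properties."""
    findings = []
    raw = props.get("RECHECKTIMEOUT")
    if raw is not None:
        if not raw.isdigit():
            findings.append("RECHECKTIMEOUT: not a whole number of seconds")
        elif int(raw) < MIN_RECHECK.get(method, 0):
            findings.append(f"RECHECKTIMEOUT: {raw}s is below the "
                            f"{MIN_RECHECK[method]}s minimum recommended for {method}")
    for key, value in props.items():
        if not key.endswith("JSP"):
            continue
        # The *JSP properties take the page name without the extension.
        if value.lower().endswith(".jsp"):
            findings.append(f"{key}: give the page name without .jsp")
        # Assumption: pages are resolved inside the documented jsp directory.
        if "/" in value or "\\" in value:
            findings.append(f"{key}: expected a bare page name, not a path")
    raw = props.get("PWDMAXLENGTH")
    if raw is not None and not (raw.isdigit() and int(raw) > 0):
        findings.append("PWDMAXLENGTH: not a positive number of characters")
    url = props.get("ENROLLURL")
    # Assumption: the portal is served over HTTPS, as in the default value.
    if url is not None and urlsplit(url).scheme != "https":
        findings.append("ENROLLURL: scheme is not https")
    return findings

# Constructed sample input for the Email method (not taken from a real system).
SAMPLE = {
    "RECHECKTIMEOUT": "60",
    "METHODJSP": "CustomEmailAuth.jsp",
    "ENROLLURL": "http://aaf.example.test:8443/account",
}

if __name__ == "__main__":
    for finding in lint_properties("Email", SAMPLE):
        print(finding)
```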