--- title: Authentication and session module configuration description: This appendix includes configuration details for the authentication modules described in Authentication and Session Modules. component: pingidm version: 8.1 page_id: pingidm:auth-guide:appendix-auth-modules canonical_url: https://docs.pingidentity.com/pingidm/8.1/auth-guide/appendix-auth-modules.html keywords: ["Authentication", "Sessions", "Internal Users", "Certificates", "Passthrough Authentication"] --- # Authentication and session module configuration This appendix includes configuration details for the authentication modules described in [Authentication and Session Modules](auth-session-modules.html). Authentication modules, as configured in the `authentication.json` file, include a number of properties. **Session Module** | Authentication Property | Property as Listed in the Admin UI | Description | | ----------------------- | ---------------------------------- | ------------------------------------------------------------------------------------------------------- | | `keyAlias` | (not shown) | Used by the Jetty Web server to service SSL requests. | | `maxTokenLifeMinutes` | Max Token Life (in seconds) | Maximum time before a session is cancelled. Note the different units for the property and the UI. | | `tokenIdleTimeMinutes` | Token Idle Time (in seconds) | Maximum time before an idle session is cancelled. Note the different units for the property and the UI. | | `sessionOnly` | Session Only | Whether the session continues after browser restarts. | **Static User Module** | Authentication Property | Property as Listed in the Admin UI | Description | | ----------------------- | ---------------------------------- | --------------------------------------------------- | | `enabled` | Module Enabled | Does IDM use the module? | | `queryOnResource` | Query on Resource | Endpoint hard coded to user `anonymous` | | `username` | Static User Name | Default for the static user, `anonymous` | | `password` | Static User Password | Default for the static user, `anonymous` | | `defaultUserRoles` | Static User Role | Normally set to `openidm-reg` for self-registration | The following table applies to several authentication modules: * Managed User * Internal User * Client Cert * Passthrough **Common Module Properties** | Authentication Property | Property as Listed in the Admin UI | Description | | ------------------------ | ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `enabled` | Module Enabled | Does IDM use the module? | | `queryOnResource` | Query on Resource | Endpoint to query | | `queryId` | Use Query ID | A defined `queryId` searches against the `queryOnResource` endpoint. An undefined `queryId` searches against `queryOnResource` with `action=reauthenticate` | | `defaultUserRoles` | Default User Roles | Normally blank for managed users | | `authenticationId` | Authentication ID | Defines how account credentials are derived from a `queryOnResource` endpoint | | `userCredential` | User Credential | Defines how account credentials are derived from a `queryOnResource` endpoint; if required, typically `password` or `userPassword` | | `userRoles` | User Roles | Defines how account roles are derived from a `queryOnResource` endpoint | | `groupMembership` | Group Membership | Provides more information for calculated roles | | `groupRoleMapping` | Group Role Mapping | Provides more information for calculated roles | | `groupComparisonMethod` | Group Comparison Method | Provides more information for calculated roles | | `augmentSecurityContext` | Augment Security Context | Includes a script that is executed only after a successful authentication request. For more information on this property, refer to [Authenticate as a different user](auth-run-as.html). |