Summary

In this chapter we learned at length about the various authentication mechanisms supported by the OpenSSO server. Through many examples, I have walked the reader through tutorial-style, do-it-yourself steps for performing certain authentication service configuration tasks. Configuring the SSL key stores and enabling secure transport for the Tomcat server will come in handy when you set up certificate-based authentication. Although most of the authentication services are available out of the box in OpenSSO, if you need a custom authentication module, it can be easily implemented by following the procedure described in this chapter. In the last part of the chapter we learned a lot about the Session Service and the SSO token structure and properties. Session high availability and session constraints are critical features for implementing production-level SSO deployments.

In the next chapter, the password reset application is introduced along with user account management. Typically, for security reasons, enterprises enable certain password policies, such as passwords expiring every three months. If the password has expired, the authentication page can redirect the user to a self-service password reset application. This reduces the administrative cost of resetting forgotten passwords.
