The entire set of session creation methods of the Universal Messaging client API for Java (nsp/ nsps/ nhp/ nhps, native and JMS) have been extended in Universal Messaging 9.6 with overloaded variants that accept username/password credentials which are then supplied to the UM server, and the UM server has been enhanced to enable those credentials to be authenticated against pluggable Directory backends, ranging from LDAP to flat files.

The exchange of user credentials can be performed by means of either SASL (embedded within the Universal Messaging SDK) or JAAS (controlled by user-configurable pluggable modules).

The configuration is determined by a set of Java system properties on both the client and server side, the latter typically centralized in the nserver.conf configuration file.

Note that authentication does not supplant the traditional Universal Messaging ACLs and is merely an additional security step performed before the relevant ACLs are evaluated and applied.