ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/webserv/wssecbascl.htm

136 lines
6.3 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure basic authentication for the Web services client</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wssecbascl"></a>Configure basic authentication for the Web services client</h6>
<p>This task is used to configure BasicAuth authentication. <em>BasicAuth</em> refers to the user ID
and password of a valid user in the registry of the target server. Collection of BasicAuth information
can occur in many ways including through a GUI prompt, a standard in (Stdin) prompt, or specified in
the bindings, which prevents user interaction. For more information on BasicAuth authentication,
see <a href="wssecbasic.htm">Basic authentication for Web services</a>.</p>
<p>To select the BasicAuth authentication method for the Web services client, perform the following
steps:</p>
<ol>
<li><p>Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere
Development Studio Client for iSeries. For more information, see <a href="astk.htm">Configure your Web
services application</a>.</p></li>
<li><p>Click the <strong>Security Extensions</strong> tab.</p></li>
<li><p>Expand the <strong>Request Sender Configuration --&gt; Login Config</strong> settings. The only
valid login configuration choices for a pure client are BasicAuth and Signature.</p></li>
<li><p>Select <strong>BasicAuth</strong> to authenticate the client using a user ID and password. This
user ID and password must be specified in the target user registry. The other choice,
<strong>Signature</strong>, attempts to authenticate the client with the certificate that is used to
digitally sign the message.</p></li>
<li><p>Save the file.</p></li>
</ol>
<p>Next, perform the following steps in the Web Services Client Editor to configure how the BasicAuth
authentication information is collected:</p>
<ol>
<li><p>Click the <strong>Port Binding</strong> tab.</p></li>
<li><p>Expand the <strong>Security Request Sender Binding Configuration --&gt; Login Binding</strong>
settings.</p></li>
<li><p>Click <strong>Edit</strong> or <strong>Enable</strong> to view the Login Binding information.
The login binding information displays.</p></li>
<li><p>Configure the following settings:</p>
<table border="1" cellpadding="3" cellspacing="0">
<tr valign="top">
<th>Name</th>
<th>Purpose</th>
</tr>
<tr valign="top">
<td><strong>Authentication method</strong></td>
<td>The authentication method specifies the type of authentication that occurs. To use basic
authentication, select <strong>BasicAuth</strong>.</td>
</tr>
<tr valign="top">
<td><strong>Token value type URI</strong> and <strong>Token value type local name</strong></td>
<td>When you select <strong>BasicAuth</strong>, you cannot edit the token value type URI and local name
values. These values are specifically for custom authentication types. For BasicAuth authentication,
you do not need to enter any information.</td>
</tr>
<tr valign="top">
<td><strong>Callback handler</strong></td>
<td>The callback handler specifies the Java Authentication and Authorization Server (JAAS) callback
handler implementation for collecting the BasicAuth information. You can use the following default
implementations for the callback handler:
<ul>
<li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.<br>StdinPromptCallbackHandler</strong>
<br>This implementation is used for non-GUI console prompts.</p></li>
<li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.<br>GUIPromptCallbackHandler</strong>
<br>This implementation is used for GUI panel prompts.</p></li>
<li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.<br>NonPromptCallbackHandler</strong>
<br>This implementation is used when you plan to always enter the user ID and password in the
BasicAuth user ID and password section that follows.</p></li>
</ul></td>
</tr>
<tr valign="top">
<td><strong>Basic Authentication user ID</strong> and <strong>Basic Authentication
password</strong></td>
<td>When values for BasicAuth user ID and password are entered, regardless of the default callback
handler that is used, these user ID and password values are used to authenticate to the server for the
Web services security authentication.
<p>If you leave these values blank, use either the GUIPromptCallbackHandler or the
StdinPromptCallbackHandler implementation, but only on a pure client. Always fill in these values for
any Web service that acts as a client to another Web service and you want to specify BasicAuth for
authentication downstream.</p>
<p>If you want the client identity of the originator to flow downstream, configure the Web service
client to use ID assertion instead.</p></td>
</tr>
<tr valign="top">
<td><strong>Property</strong></td>
<td>This field enables you to enter properties and name and value pairs for use by custom callback
handlers. For BasicAuth authentication, you do not need to enter any information.</td>
</tr>
</table><p></p></li>
<li><p>(Optional) There is a basic authentication entry in the <strong>Port Qualified Name Binding
Details</strong> section. This entry is used for HTTP transport authentication, which may be required
if the router servlet is protected.</p>
<p>Information specified in the <strong>Web services security basic authentication</strong> section
overrides the basic authentication information specified in the <strong>Port Qualified Name Binding
Details</strong> section for authorizing the Web service.</p>
<p>For a server that acts as a client, do not specify a GUI or non-GUI prompt callback handler. To
configure BasicAuth authentication from one Web service to a downstream Web service, select the
<strong>com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander</strong> implementation and
explicitly specify the BasicAuth user ID and password.</p>
<p>If you want the client identity of the originator to flow downstream, configure the Web service
client to use identity assertion or Lightweight Third Party Authentication (LTPA) authentication
instead.</p></li>
<li><p>Save the file.</p></li>
</ol>
<p><strong>Note: </strong>Examples may be wrapped for display purposes.</p>
</body>
</html>