ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/webserv/wsseccfaltpacl.htm

107 lines
4.2 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure the Web services client for LTPA token authentication</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wsseccfaltpacl"></a>Configure the Web services client for LTPA token authentication</h6>
<p>When a client authenticates to WebSphere Application Server - Express, the credential that is
created contains an LTPA token. You can configure a Web service to send the LTPA token when it calls a
downstream Web service.</p>
<p><strong>Note:</strong> You can only configure client LTPA authentication for a Web service that
calls another Web service. Do not attempt to configure LTPA from a pure client. For the downstream Web
service to validate the LTPA token, the LTPA keys must be the same for both servers.</p>
<p>Do not configure the client for LTPA token authentication unless LTPA is the configured
authentication mechanism for WebSphere Application Server - Express. For more information, see <a href="../sec/seccamec.htm">Configure the authentication mechanism</a> in the <em>Security</em>
topic.</p>
<p>Perform the following steps to specify LTPA token authentication for your Web services client:</p>
<ol>
<li><p>Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere
Development Studio Client for iSeries. For more information, see <a href="astk.htm">Configure your Web
services application</a>.</p></li>
<li><p>Click the <strong>Security Extensions</strong> tab.</p></li>
<li><p>Expand the <strong>Request Sender Configuration --&gt; Login Config</strong> settings.</p></li>
<li><p>Select <strong>LTPA</strong> as the authentication method.</p></li>
<li><p>Save the file.</p></li>
</ol>
<p>Next, perform the following steps in the Web Services Client Editor to configure how the LTPA
information is collected:</p>
<ol>
<li><p>Click the <strong>Port Binding</strong> tab.</p></li>
<li><p>Expand the <strong>Security Request Sender Binding Configuration --&gt; Login Binding</strong>
settings.</p></li>
<li><p>Click <strong>Edit</strong> to view the login binding information and select
<strong>LTPA</strong>. If <strong>LTPA</strong> is not listed, enter it as an option. The login binding
dialog displays.</p></li>
<li><p>Select or enter the following information:</p>
<table border="1" cellpadding="3" cellspacing="0">
<tr valign="top">
<th>Name</th>
<th>Purpose</th>
</tr>
<tr valign="top">
<td><strong>Authentication method</strong></td>
<td>The authentication method specifies the type of authentication that occurs. Select
<strong>LTPA</strong> to use identity assertion.</td>
</tr>
<tr valign="top">
<td><strong>Token value type URI</strong> and <strong>Token value type local name</strong></td>
<td>When you select <strong>LTPA</strong>, you must edit the <strong>token value type URI</strong> and
the <strong>local name</strong> fields. These values are specified for custom authentication types,
which are authentication methods that are not mentioned in the Web services security specification.
<ul>
<li>For <strong>token value type URI</strong>, enter
<tt>http://www.ibm.com/websphere/appserver<br>
/tokentype/5.0.2</tt>.</li>
<li>For <strong>local name</strong>, enter <tt>LTPA</tt>.</li>
</ul></td>
</tr>
<tr valign="top">
<td><strong>Callback handler</strong></td>
<td>The callback handler specifies the Java Authentication and Authorization Service (JAAS) callback
handler implementation for collecting the LTPA information. Specify the
<tt>com.ibm.wsspi.wssecurity.auth.callback.<br>LTPATokenCallbackHandler</tt> implementation for LTPA.</td>
</tr>
<tr valign="top">
<td><strong>Basic authentication user ID</strong> and <strong>Basic authentication
password</strong></td>
<td>For LTPA, you can leave these fields empty.</td>
</tr>
<tr valign="top">
<td><strong>Property name</strong> and <strong>Property value</strong></td>
<td>For LTPA, you can leave these fields empty.</td>
</tr>
</table></li>
</ol>
<p><strong>Note: </strong>Examples may be wrapped for display purposes.</p>
</body>
</html>