ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/webserv/wssecbascl.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">

<title>Configure basic authentication for the Web services client</title>
</head>

<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>

<h6><a name="wssecbascl"></a>Configure basic authentication for the Web services client</h6>

<p>This task is used to configure BasicAuth authentication. <em>BasicAuth</em> refers to the user ID 
and password of a valid user in the registry of the target server. Collection of BasicAuth information 
can occur in many ways including through a GUI prompt, a standard in (Stdin) prompt, or specified in 
the bindings, which prevents user interaction. For more information on BasicAuth authentication,
see <a href="wssecbasic.htm">Basic authentication for Web services</a>.</p>

<p>To select the BasicAuth authentication method for the Web services client, perform the following 
steps:</p>

<ol>
<li><p>Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere 
Development Studio Client for iSeries. For more information, see <a href="astk.htm">Configure your Web 
services application</a>.</p></li>

<li><p>Click the <strong>Security Extensions</strong> tab.</p></li>

<li><p>Expand the <strong>Request Sender Configuration --&gt; Login Config</strong> settings. The only 
valid login configuration choices for a pure client are BasicAuth and Signature.</p></li>

<li><p>Select <strong>BasicAuth</strong> to authenticate the client using a user ID and password. This 
user ID and password must be specified in the target user registry. The other choice, 
<strong>Signature</strong>, attempts to authenticate the client with the certificate that is used to 
digitally sign the message.</p></li>

<li><p>Save the file.</p></li>
</ol>

<p>Next, perform the following steps in the Web Services Client Editor to configure how the BasicAuth 
authentication information is collected:</p>

<ol>
<li><p>Click the <strong>Port Binding</strong> tab.</p></li>

<li><p>Expand the <strong>Security Request Sender Binding Configuration --&gt; Login Binding</strong> 
settings.</p></li>

<li><p>Click <strong>Edit</strong> or <strong>Enable</strong> to view the Login Binding information. 
The login binding information displays.</p></li>

<li><p>Configure the following settings:</p>


<table border="1" cellpadding="3" cellspacing="0">
<tr valign="top">
<th>Name</th>
<th>Purpose</th>
</tr>

<tr valign="top">
<td><strong>Authentication method</strong></td>
<td>The authentication method specifies the type of authentication that occurs. To use basic 
authentication, select <strong>BasicAuth</strong>.</td>
</tr>

<tr valign="top">
<td><strong>Token value type URI</strong> and <strong>Token value type local name</strong></td>
<td>When you select <strong>BasicAuth</strong>, you cannot edit the token value type URI and local name 
values. These values are specifically for custom authentication types. For BasicAuth authentication, 
you do not need to enter any information.</td>
</tr>

<tr valign="top">
<td><strong>Callback handler</strong></td>
<td>The callback handler specifies the Java Authentication and Authorization Server (JAAS) callback 
handler implementation for collecting the BasicAuth information. You can use the following default 
implementations for the callback handler:
    <ul>
    <li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.<br>StdinPromptCallbackHandler</strong>
    <br>This implementation is used for non-GUI console prompts.</p></li>

    <li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.<br>GUIPromptCallbackHandler</strong>
    <br>This implementation is used for GUI panel prompts.</p></li>

    <li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.<br>NonPromptCallbackHandler</strong>
    <br>This implementation is used when you plan to always enter the user ID and password in the 
BasicAuth user ID and password section that follows.</p></li>
    </ul></td>
</tr>

<tr valign="top">
<td><strong>Basic Authentication user ID</strong> and <strong>Basic Authentication 
password</strong></td>
<td>When values for BasicAuth user ID and password are entered, regardless of the default callback 
handler that is used, these user ID and password values are used to authenticate to the server for the 
Web services security authentication.
<p>If you leave these values blank, use either the GUIPromptCallbackHandler or the 
StdinPromptCallbackHandler implementation, but only on a pure client. Always fill in these values for 
any Web service that acts as a client to another Web service and you want to specify BasicAuth for 
authentication downstream.</p>
<p>If you want the client identity of the originator to flow downstream, configure the Web service 
client to use ID assertion instead.</p></td>
</tr>

<tr valign="top">
<td><strong>Property</strong></td>
<td>This field enables you to enter properties and name and value pairs for use by custom callback 
handlers. For BasicAuth authentication, you do not need to enter any information.</td>
</tr>
</table><p></p></li>

<li><p>(Optional) There is a basic authentication entry in the <strong>Port Qualified Name Binding 
Details</strong> section. This entry is used for HTTP transport authentication, which may be required 
if the router servlet is protected.</p>
<p>Information specified in the <strong>Web services security basic authentication</strong> section 
overrides the basic authentication information specified in the <strong>Port Qualified Name Binding 
Details</strong> section for authorizing the Web service.</p>
<p>For a server that acts as a client, do not specify a GUI or non-GUI prompt callback handler. To 
configure BasicAuth authentication from one Web service to a downstream Web service, select the 
<strong>com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander</strong> implementation and 
explicitly specify the BasicAuth user ID and password.</p>
<p>If you want the client identity of the originator to flow downstream, configure the Web service
client to use identity assertion or Lightweight Third Party Authentication (LTPA) authentication 
instead.</p></li>

<li><p>Save the file.</p></li>
</ol>
<p><strong>Note: </strong>Examples may be wrapped for display purposes.</p>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">`
			`<html>`
			`<head>`
			`<META http-equiv="Content-Type" content="text/html; charset=utf-8">`
			`<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">`

			`<title>Configure basic authentication for the Web services client</title>`
			`</head>`

			`<BODY>`
			`<!-- Java sync-link -->`
			`<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>`

			`<h6><a name="wssecbascl"></a>Configure basic authentication for the Web services client</h6>`

			`<p>This task is used to configure BasicAuth authentication. <em>BasicAuth</em> refers to the user ID`
			`and password of a valid user in the registry of the target server. Collection of BasicAuth information`
			`can occur in many ways including through a GUI prompt, a standard in (Stdin) prompt, or specified in`
			`the bindings, which prevents user interaction. For more information on BasicAuth authentication,`
			`see <a href="wssecbasic.htm">Basic authentication for Web services</a>.</p>`

			`<p>To select the BasicAuth authentication method for the Web services client, perform the following`
			`steps:</p>`

			`<ol>`
			`<li><p>Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere`
			`Development Studio Client for iSeries. For more information, see <a href="astk.htm">Configure your Web`
			`services application</a>.</p></li>`

			`<li><p>Click the <strong>Security Extensions</strong> tab.</p></li>`

			`<li><p>Expand the <strong>Request Sender Configuration --> Login Config</strong> settings. The only`
			`valid login configuration choices for a pure client are BasicAuth and Signature.</p></li>`

			`<li><p>Select <strong>BasicAuth</strong> to authenticate the client using a user ID and password. This`
			`user ID and password must be specified in the target user registry. The other choice,`
			`<strong>Signature</strong>, attempts to authenticate the client with the certificate that is used to`
			`digitally sign the message.</p></li>`

			`<li><p>Save the file.</p></li>`
			`</ol>`

			`<p>Next, perform the following steps in the Web Services Client Editor to configure how the BasicAuth`
			`authentication information is collected:</p>`

			`<ol>`
			`<li><p>Click the <strong>Port Binding</strong> tab.</p></li>`

			`<li><p>Expand the <strong>Security Request Sender Binding Configuration --> Login Binding</strong>`
			`settings.</p></li>`

			`<li><p>Click <strong>Edit</strong> or <strong>Enable</strong> to view the Login Binding information.`
			`The login binding information displays.</p></li>`

			`<li><p>Configure the following settings:</p>`


			`<table border="1" cellpadding="3" cellspacing="0">`
			`<tr valign="top">`
			`<th>Name</th>`
			`<th>Purpose</th>`
			`</tr>`

			`<tr valign="top">`
			`<td><strong>Authentication method</strong></td>`
			`<td>The authentication method specifies the type of authentication that occurs. To use basic`
			`authentication, select <strong>BasicAuth</strong>.</td>`
			`</tr>`

			`<tr valign="top">`
			`<td><strong>Token value type URI</strong> and <strong>Token value type local name</strong></td>`
			`<td>When you select <strong>BasicAuth</strong>, you cannot edit the token value type URI and local name`
			`values. These values are specifically for custom authentication types. For BasicAuth authentication,`
			`you do not need to enter any information.</td>`
			`</tr>`

			`<tr valign="top">`
			`<td><strong>Callback handler</strong></td>`
			`<td>The callback handler specifies the Java Authentication and Authorization Server (JAAS) callback`
			`handler implementation for collecting the BasicAuth information. You can use the following default`
			`implementations for the callback handler:`
			`<ul>`
			`<li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.<br>StdinPromptCallbackHandler</strong>`
			`<br>This implementation is used for non-GUI console prompts.</p></li>`

			`<li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.<br>GUIPromptCallbackHandler</strong>`
			`<br>This implementation is used for GUI panel prompts.</p></li>`

			`<li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.<br>NonPromptCallbackHandler</strong>`
			`<br>This implementation is used when you plan to always enter the user ID and password in the`
			`BasicAuth user ID and password section that follows.</p></li>`
			`</ul></td>`
			`</tr>`

			`<tr valign="top">`
			`<td><strong>Basic Authentication user ID</strong> and <strong>Basic Authentication`
			`password</strong></td>`
			`<td>When values for BasicAuth user ID and password are entered, regardless of the default callback`
			`handler that is used, these user ID and password values are used to authenticate to the server for the`
			`Web services security authentication.`
			`<p>If you leave these values blank, use either the GUIPromptCallbackHandler or the`
			`StdinPromptCallbackHandler implementation, but only on a pure client. Always fill in these values for`
			`any Web service that acts as a client to another Web service and you want to specify BasicAuth for`
			`authentication downstream.</p>`
			`<p>If you want the client identity of the originator to flow downstream, configure the Web service`
			`client to use ID assertion instead.</p></td>`
			`</tr>`

			`<tr valign="top">`
			`<td><strong>Property</strong></td>`
			`<td>This field enables you to enter properties and name and value pairs for use by custom callback`
			`handlers. For BasicAuth authentication, you do not need to enter any information.</td>`
			`</tr>`
			`</table><p></p></li>`

			`<li><p>(Optional) There is a basic authentication entry in the <strong>Port Qualified Name Binding`
			`Details</strong> section. This entry is used for HTTP transport authentication, which may be required`
			`if the router servlet is protected.</p>`
			`<p>Information specified in the <strong>Web services security basic authentication</strong> section`
			`overrides the basic authentication information specified in the <strong>Port Qualified Name Binding`
			`Details</strong> section for authorizing the Web service.</p>`
			`<p>For a server that acts as a client, do not specify a GUI or non-GUI prompt callback handler. To`
			`configure BasicAuth authentication from one Web service to a downstream Web service, select the`
			`<strong>com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander</strong> implementation and`
			`explicitly specify the BasicAuth user ID and password.</p>`
			`<p>If you want the client identity of the originator to flow downstream, configure the Web service`
			`client to use identity assertion or Lightweight Third Party Authentication (LTPA) authentication`
			`instead.</p></li>`

			`<li><p>Save the file.</p></li>`
			`</ol>`
			`<p><strong>Note: </strong>Examples may be wrapped for display purposes.</p>`
			`</body>`
			`</html>`