<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure identity assertion authentication for a Web services client</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wsseccfidautcl"></a>Configure identity assertion authentication for a Web services client</h6>

<p>This task is used to configure identity assertion authentication. The purpose of identity assertion
is to assert the authenticated identity of the originating client from a Web service to a downstream
Web service. Do not attempt to configure identity assertion from a pure client. Identity assertion
works only when you configure it on the client side of a Web service that is acting as a client to a
downstream Web service.</p>

<p>In order for the downstream Web service to accept the identity of the originating client (just the
user name), you must supply a special trusted BasicAuth credential that the downstream Web service
trusts and can authenticate successfully. You must specify the user ID of the special BasicAuth
credential in a trusted ID evaluator on the downstream Web service configuration. For more information
on trusted ID evaluators, see <a href="wssectrustid.htm">Trusted ID evaluators</a>.</p>

<p>Perform the following steps in the WebSphere Development Studio Client for iSeries to specify
identity assertion authentication for your Web services client:</p>

<ol>
<li><p>Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere
Development Studio Client for iSeries. For more information, see <a href="astk.htm">Configure your Web
services application</a>.</p></li>
<li><p>Click the <strong>Security Extensions</strong> tab.</p></li>
<li><p>Expand the <strong>Request Sender Configuration --> Login Config</strong> settings.</p></li>
<li><p>Select <strong>IDAssertion</strong> as the authentication method.</p></li>
<li><p>Expand the <strong>Identity Assertion</strong> section.</p></li>
<li><p>For the <strong>ID Type</strong>, select <strong>Username</strong>. This works with all registry
types and originating authentication methods.</p></li>
<li><p>For the <strong>Trust Mode</strong>, select either <strong>BasicAuth</strong> or
<strong>Signature</strong>.</p>
<ul>
<li><p>If you select <strong>BasicAuth</strong>, you must include basic authentication information
(user ID and password) for a user ID that the downstream Web service has specified in its trusted ID
evaluator as a trusted user ID. You specify the user ID and password information later, on the
<strong>Port Binding</strong> tab.</p></li>
<li><p>If you select <strong>Signature</strong>, the certificate configured in the <strong>Signature
Information</strong> section that is used to sign the data is also used as the trusted subject. The
signature is used to create a credential, and the user ID to which the certificate is mapped in the
downstream registry is used in the trusted ID evaluator as the trusted user ID.</p></li>
</ul></li>
<li><p>Save the file.</p></li>
</ol>
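<p>The following Python model is added here as an illustration and is not WebSphere code. It shows the downstream trust check that both trust modes rely on: the asserted user name is accepted only when the accompanying BasicAuth credential authenticates (or the signing certificate maps to a registry user) and that trusted user ID is listed in the trusted ID evaluator. The registry entries, user IDs, passwords and certificate subject names are constructed sample values.</p>

```python
from dataclasses import dataclass
from typing import Optional, Tuple
import hmac

# Constructed downstream-side configuration (assumed sample values, not from the page).
REGISTRY = {"wsgateway": "gw-secret", "alice": "alice-pw"}  # user registry: user ID -> password
TRUSTED_IDS = {"wsgateway"}                                   # trusted ID evaluator: trusted user IDs
CERT_TO_USER = {"CN=gateway,O=Example": "wsgateway"}          # certificate subject -> registry user ID


@dataclass
class IdAssertion:
    """What the intermediary Web service sends downstream (constructed model)."""
    asserted_user: str                      # originating client's identity (ID Type = Username)
    trust_mode: str                         # "BasicAuth" or "Signature"
    trusted_user: Optional[str] = None      # BasicAuth user ID of the intermediary
    trusted_password: Optional[str] = None  # BasicAuth password of the intermediary
    signer_dn: Optional[str] = None         # subject of the certificate that signed the message


def evaluate(msg: IdAssertion) -> Tuple[bool, str]:
    """Return (accepted, identity-or-reason) as the downstream service would decide."""
    if msg.trust_mode == "BasicAuth":
        # Step 1a: the trusted BasicAuth credential must authenticate against the registry.
        expected = REGISTRY.get(msg.trusted_user or "")
        if expected is None or not hmac.compare_digest(expected, msg.trusted_password or ""):
            return False, "trusted BasicAuth credential failed authentication"
        trusted_id = msg.trusted_user
    elif msg.trust_mode == "Signature":
        # Step 1b: the signing certificate must map to a user in the downstream registry.
        trusted_id = CERT_TO_USER.get(msg.signer_dn or "")
        if trusted_id is None:
            return False, "signing certificate does not map to a registry user"
    else:
        return False, "unsupported trust mode: " + msg.trust_mode
    # Step 2: the trusted ID evaluator decides whether this sender may assert identities at all.
    if trusted_id not in TRUSTED_IDS:
        return False, "sender " + repr(trusted_id) + " is not a trusted ID"
    # Step 3: only now is the asserted user name (no password) accepted as the caller identity.
    if msg.asserted_user not in REGISTRY:
        return False, "asserted user not found in registry"
    return True, msg.asserted_user
```

<p>A credential that authenticates but is not in the evaluator list is rejected, so an end user's own credential cannot be used to assert another identity; this is why the task is configured only on an intermediary Web service, not on a pure client.</p>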

<p>Next, perform the following steps with the Web Services Client Editor to specify how the identity
assertion information is collected:</p>

<ol>
<li><p>Click the <strong>Port Binding</strong> tab.</p></li>
<li><p>Expand the <strong>Security Request Sender Binding Configuration --> Login Binding</strong>
settings.</p></li>
<li><p>Click <strong>Edit</strong> to view the login binding information and select
<strong>IDAssertion</strong>. The login binding dialog is displayed.</p></li>
<li><p>Select or enter the following information:</p>
<table border="1" cellpadding="3" cellspacing="0">
<tr>
<th>Name</th>
<th>Purpose</th>
</tr>
<tr>
<td><strong>Authentication method</strong></td>
<td>The authentication method specifies the type of authentication that occurs. Select
<strong>IDAssertion</strong> to use identity assertion.</td>
</tr>
<tr>
<td><strong>Token value type URI</strong> and <strong>Token value type Local name</strong></td>
<td>When you select IDAssertion, you cannot edit the token value type URI and the local name. These
values are specifically for custom authentication types. For IDAssertion authentication, you do not
need to enter any information.</td>
</tr>
<tr>
<td><strong>Callback handler</strong></td>
<td>The callback handler specifies the Java Authentication and Authorization Service (JAAS) callback
handler implementation for collecting the BasicAuth information. Specify the
<code>com.ibm.wsspi.wssecurity.auth.callback.<br>NonPromptCallbackHandler</code> implementation for
IDAssertion.</td>
</tr>
<tr>
<td><strong>Basic authentication User ID</strong> and <strong>Basic authentication
Password</strong></td>
<td>If the trust mode entered in the extensions is BasicAuth, you must specify the trusted user ID and
password in these fields. The user ID specified must be an ID that is trusted by the downstream Web
service. The Web service trusts the user ID if it is entered as a trusted ID in a trusted ID evaluator
in the downstream Web service bindings. If the trust mode entered in the extensions is Signature, you
do not need to specify any information in these fields.</td>
</tr>
<tr>
<td><strong>Property Name</strong> and <strong>Property Value</strong></td>
<td>These fields enable you to enter properties as name and value pairs, for use by custom callback
handlers. For IDAssertion, you do not need to specify any information in these fields.</td>
</tr>
</table></li>
<li><p>Save the file.</p></li>
</ol>

<p><strong>Note: </strong>Examples may be wrapped for display purposes.</p>
</body>
</html>