ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/webserv/wssecbascl.htm

105 lines
6.2 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure basic authentication for the Web services client</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wssecbascl"></a>Configure basic authentication for the Web services client</h6>
<p>This task is used to configure BasicAuth authentication. <em>BasicAuth</em> refers to the user ID and password of a valid user in the registry of the target server. Collection of BasicAuth information can occur in many ways including through a GUI prompt, a standard in (Stdin) prompt, or specified in the bindings, which prevents user interaction. For more information on BasicAuth authentication,
see <a href="wssecbasic.htm">Basic authentication for Web services</a>.</p>
<p>To select the BasicAuth authentication method for the Web services client, perform the following steps:</p>
<ol>
<li><p>Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere Development Studio Client for iSeries. For more information, see <a href="astk.htm">Configure your Web services application</a>.</p></li>
<li><p>Click the <strong>Security Extensions</strong> tab.</p></li>
<li><p>Expand the <strong>Request Sender Configuration --&gt; Login Config</strong> settings. The only valid login configuration choices for a pure client are BasicAuth and Signature.</p></li>
<li><p>Select <strong>BasicAuth</strong> to authenticate the client using a user ID and password. This user ID and password must be specified in the target user registry. The other choice, <strong>Signature</strong>, attempts to authenticate the client with the certificate that is used to digitally sign the message.</p></li>
<li><p>Save the file.</p></li>
</ol>
<p>Next, perform the following steps in the Web Services Client Editor to configure how the BasicAuth authentication information is collected:</p>
<ol>
<li><p>Click the <strong>Port Binding</strong> tab.</p></li>
<li><p>Expand the <strong>Security Request Sender Binding Configuration --&gt; Login Binding</strong> settings.</p></li>
<li><p>Click <strong>Edit</strong> or <strong>Enable</strong> to view the Login Binding information. The login binding information displays.</p></li>
<li><p>Configure the following settings:</p>
<table border="1" cellpadding="3" cellspacing="0">
<tr valign="top">
<th>Name</th>
<th>Purpose</th>
</tr>
<tr valign="top">
<td><strong>Authentication method</strong></td>
<td>The authentication method specifies the type of authentication that occurs. To use basic authentication, select <strong>BasicAuth</strong>.</td>
</tr>
<tr valign="top">
<td><strong>Token value type URI</strong> and <strong>Token value type local name</strong></td>
<td>When you select <strong>BasicAuth</strong>, you cannot edit the token value type URI and local name values. These values are specifically for custom authentication types. For BasicAuth authentication, you do not need to enter any information.</td>
</tr>
<tr valign="top">
<td><strong>Callback handler</strong></td>
<td>The callback handler specifies the Java Authentication and Authorization Server (JAAS) callback handler implementation for collecting the BasicAuth information. You can use the following default implementations for the callback handler:
<ul>
<li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.
StdinPromptCallbackHandler</strong>
<br>This implementation is used for non-GUI console prompts.</p></li>
<li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.
GUIPromptCallbackHandler</strong>
<br>This implementation is used for GUI panel prompts.</p></li>
<li><p><strong>com.ibm.wsspi.wssecurity.auth.callback.
NonPromptCallbackHandler</strong>
<br>This implementation is used when you plan to always enter the user ID and password in the BasicAuth user ID and password section that follows.</p></li>
</ul></td>
</tr>
<tr valign="top">
<td><strong>Basic Authentication user ID</strong> and <strong>Basic Authentication password</strong></td>
<td>When values for BasicAuth user ID and password are entered, regardless of the default callback handler that is used, these user ID and password values are used to authenticate to the server for the Web services security authentication.
<p>If you leave these values blank, use either the GUIPromptCallbackHandler or the StdinPromptCallbackHandler implementation, but only on a pure client. Always fill in these values for any Web service that acts as a client to another Web service and you want to specify BasicAuth for authentication downstream.</p>
<p>If you want the client identity of the originator to flow downstream, configure the Web service client to use ID assertion instead.</p></td>
</tr>
<tr valign="top">
<td><strong>Property</strong></td>
<td>This field enables you to enter properties and name and value pairs for use by custom callback handlers. For BasicAuth authentication, you do not need to enter any information.</td>
</tr>
</table><p></p></li>
<li><p>(Optional) There is a basic authentication entry in the <strong>Port Qualified Name Binding Details</strong> section. This entry is used for HTTP transport authentication, which may be required if
the router servlet is protected.</p>
<p>Information specified in the <strong>Web services security basic authentication</strong> section overrides the basic authentication information specified in the <strong>Port Qualified Name Binding Details</strong> section for authorizing the Web service.</p>
<p>For a server that acts as a client, do not specify a GUI or non-GUI prompt callback handler. To configure BasicAuth authentication from one Web service to a downstream Web service, select the <strong>com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander</strong> implementation and explicitly specify the BasicAuth user ID and password.</p>
<p>If you want the client identity of the originator to flow downstream, configure the Web service
client to use identity assertion or Lightweight Third Party Authentication (LTPA) authentication instead.</p></li>
<li><p>Save the file.</p></li>
</ol>
</body>
</html>