<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure the Web services client for LTPA token authentication</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wsseccfaltpacl"></a>Configure the Web services client for LTPA token authentication</h6>
<p>When a client authenticates to WebSphere Application Server - Express, the credential that is created contains an LTPA token. You can configure a Web service to send the LTPA token when it calls a downstream Web service.</p>
<p><strong>Note:</strong> You can only configure client LTPA authentication for a Web service that calls another Web service. Do not attempt to configure LTPA from a pure client. For the downstream Web service to validate the LTPA token, the LTPA keys must be the same for both servers.</p>
<p>Do not configure the client for LTPA token authentication unless LTPA is the configured authentication mechanism for WebSphere Application Server - Express. For more information, see <a href="../sec/seccamec.htm">Configure the authentication mechanism</a> in the <em>Security</em> topic.</p>
<p>Perform the following steps to specify LTPA token authentication for your Web services client:</p>
<ol>
<li><p>Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere Development Studio Client for iSeries. For more information, see <a href="astk.htm">Configure your Web services application</a>.</p></li>
<li><p>Click the <strong>Security Extensions</strong> tab.</p></li>
<li><p>Expand the <strong>Request Sender Configuration --> Login Config</strong> settings.</p></li>
<li><p>Select <strong>LTPA</strong> as the authentication method.</p></li>
<li><p>Save the file.</p></li>
</ol>
<p>Next, perform the following steps in the Web Services Client Editor to configure how the LTPA information is collected:</p>
<ol>
<li><p>Click the <strong>Port Binding</strong> tab.</p></li>
<li><p>Expand the <strong>Security Request Sender Binding Configuration --> Login Binding</strong> settings.</p></li>
<li><p>Click <strong>Edit</strong> to view the login binding information and select <strong>LTPA</strong>. If <strong>LTPA</strong> is not listed, enter it as an option. The login binding dialog displays.</p></li>
<li><p>Select or enter the following information:</p>
<table border="1" cellpadding="3" cellspacing="0">
<tr valign="top">
<th>Name</th>
<th>Purpose</th>
</tr>
<tr valign="top">
<td><strong>Authentication method</strong></td>
<td>The authentication method specifies the type of authentication that occurs. Select <strong>LTPA</strong> to use identity assertion.</td>
</tr>
<tr valign="top">
<td><strong>Token value type URI</strong> and <strong>Token value type local name</strong></td>
<td>When you select <strong>LTPA</strong>, you must edit the <strong>token value type URI</strong> and the <strong>local name</strong> fields. These values are specified for custom authentication types, which are authentication methods that are not mentioned in the Web services security specification.
<ul>
<li>For <strong>token value type URI</strong>, enter <tt>http://www.ibm.com/websphere/appserver/tokentype/5.0.2</tt>.</li>
<li>For <strong>local name</strong>, enter <tt>LTPA</tt>.</li>
</ul></td>
</tr>
<tr valign="top">
<td><strong>Callback handler</strong></td>
<td>The callback handler specifies the Java Authentication and Authorization Service (JAAS) callback handler implementation for collecting the LTPA information. Specify the <tt>com.ibm.wsspi.wssecurity.auth.callback.LTPATokenCallbackHandler</tt> implementation for LTPA.</td>
</tr>
<tr valign="top">
<td><strong>Basic authentication user ID</strong> and <strong>Basic authentication password</strong></td>
<td>For LTPA, you can leave these fields empty.</td>
</tr>
<tr valign="top">
<td><strong>Property name</strong> and <strong>Property value</strong></td>
<td>For LTPA, you can leave these fields empty.</td>
</tr>
</table></li>
</ol>
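<p>To confirm that the login binding took effect, you can inspect a captured outbound SOAP request and check that its security token carries the token value type entered in the table above. The following Python script is an added example, not part of the original topic or of the product: it assumes the token is sent as a <tt>BinarySecurityToken</tt> element whose <tt>ValueType</tt> attribute is a qualified name made of the configured URI and local name, and the function names and the sample message are constructed for illustration.</p>

```python
import io
import xml.etree.ElementTree as ET

# Values the page says to enter in the login binding dialog.
LTPA_URI = "http://www.ibm.com/websphere/appserver/tokentype/5.0.2"
LTPA_LOCAL_NAME = "LTPA"

# Constructed sample request. The wsse namespace and the token body are
# placeholders, so elements are matched by local name only.
SAMPLE = """\
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="urn:example:wsse-placeholder">
   <wsse:BinarySecurityToken ValueType="tok:LTPA"
     xmlns:tok="http://www.ibm.com/websphere/appserver/tokentype/5.0.2"
     >CONSTRUCTED-TOKEN-PLACEHOLDER</wsse:BinarySecurityToken>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body/>
</soapenv:Envelope>"""


def binary_token_types(soap_xml):
    """Return (namespace URI, local name) for every BinarySecurityToken ValueType."""
    scopes, pending, found = [], {}, []
    events = ("start-ns", "start", "end")
    for event, item in ET.iterparse(io.BytesIO(soap_xml.encode("utf-8")), events):
        if event == "start-ns":          # declarations arrive before their element
            pending[item[0]] = item[1]
        elif event == "start":
            # Namespace scope = inherited prefixes plus this element's own.
            scope = {**(scopes[-1] if scopes else {}), **pending}
            scopes.append(scope)
            pending = {}
            if item.tag.rsplit("}", 1)[-1] == "BinarySecurityToken":
                prefix, _, local = item.get("ValueType", "").rpartition(":")
                found.append((scope.get(prefix), local))
        else:                            # "end": leave this element's scope
            scopes.pop()
    return found


def sends_ltpa_token(soap_xml):
    """True when a token's ValueType QName resolves to the page's URI and local name."""
    return (LTPA_URI, LTPA_LOCAL_NAME) in binary_token_types(soap_xml)


if __name__ == "__main__":
    print(binary_token_types(SAMPLE), sends_ltpa_token(SAMPLE))
```

<p>The check resolves the prefix through the namespace declarations in scope rather than comparing the raw attribute text, so a mistyped URI in the binding is reported as a mismatch even though the local name still reads <tt>LTPA</tt>.</p>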
</body>
</html>