Configure basic authentication for the Web services client

This task is used to configure BasicAuth authentication. BasicAuth refers to the user ID and password of a valid user in the registry of the target server. Collection of BasicAuth information can occur in many ways including through a GUI prompt, a standard in (Stdin) prompt, or specified in the bindings, which prevents user interaction. For more information on BasicAuth authentication, see Basic authentication for Web services.

To select the BasicAuth authentication method for the Web services client, perform the following steps:

  1. Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere Development Studio Client for iSeries. For more information, see Configure your Web services application.

  2. Click the Security Extensions tab.

  3. Expand the Request Sender Configuration --> Login Config settings. The only valid login configuration choices for a pure client are BasicAuth and Signature.

  4. Select BasicAuth to authenticate the client using a user ID and password. This user ID and password must be specified in the target user registry. The other choice, Signature, attempts to authenticate the client with the certificate that is used to digitally sign the message.

  5. Save the file.

Next, perform the following steps in the Web Services Client Editor to configure how the BasicAuth authentication information is collected:

  1. Click the Port Binding tab.

  2. Expand the Security Request Sender Binding Configuration --> Login Binding settings.

  3. Click Edit or Enable to view the Login Binding information. The login binding information displays.

  4. Configure the following settings:

    Name Purpose
    Authentication method The authentication method specifies the type of authentication that occurs. To use basic authentication, select BasicAuth.
    Token value type URI and Token value type local name When you select BasicAuth, you cannot edit the token value type URI and local name values. These values are specifically for custom authentication types. For BasicAuth authentication, you do not need to enter any information.
    Callback handler The callback handler specifies the Java Authentication and Authorization Server (JAAS) callback handler implementation for collecting the BasicAuth information. You can use the following default implementations for the callback handler:

    • com.ibm.wsspi.wssecurity.auth.callback. StdinPromptCallbackHandler
      This implementation is used for non-GUI console prompts.

    • com.ibm.wsspi.wssecurity.auth.callback. GUIPromptCallbackHandler
      This implementation is used for GUI panel prompts.

    • com.ibm.wsspi.wssecurity.auth.callback. NonPromptCallbackHandler
      This implementation is used when you plan to always enter the user ID and password in the BasicAuth user ID and password section that follows.
    Basic Authentication user ID and Basic Authentication password When values for BasicAuth user ID and password are entered, regardless of the default callback handler that is used, these user ID and password values are used to authenticate to the server for the Web services security authentication.

    If you leave these values blank, use either the GUIPromptCallbackHandler or the StdinPromptCallbackHandler implementation, but only on a pure client. Always fill in these values for any Web service that acts as a client to another Web service and you want to specify BasicAuth for authentication downstream.

    If you want the client identity of the originator to flow downstream, configure the Web service client to use ID assertion instead.
    Property This field enables you to enter properties and name and value pairs for use by custom callback handlers. For BasicAuth authentication, you do not need to enter any information.

  5. (Optional) There is a basic authentication entry in the Port Qualified Name Binding Details section. This entry is used for HTTP transport authentication, which may be required if the router servlet is protected.

    Information specified in the Web services security basic authentication section overrides the basic authentication information specified in the Port Qualified Name Binding Details section for authorizing the Web service.

    For a server that acts as a client, do not specify a GUI or non-GUI prompt callback handler. To configure BasicAuth authentication from one Web service to a downstream Web service, select the com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHander implementation and explicitly specify the BasicAuth user ID and password.

    If you want the client identity of the originator to flow downstream, configure the Web service client to use identity assertion or Lightweight Third Party Authentication (LTPA) authentication instead.

  6. Save the file.