This task is used to configure BasicAuth authentication at the server. BasicAuth refers to the user ID and password of a valid user in the registry of the target server. After a request is received that contains basic authentication information, the server needs to log in to form a credential. The credential is used for authorization. If the user ID and password supplied is invalid, an exception is thrown and the request ends without invoking the resource. For more information on BasicAuth authentication, see Basic authentication for Web services.
Perform the following steps to configure the server for BasicAuth authentication:
Open the webservices.xml deployment descriptor for your Web services application in the Web Services Editor of the WebSphere Development Studio Client for iSeries. For more information, see Configure your Web services application.
Click the Security Extensions tab.
Expand the Request Receiver Service Configuration Details --> Login Config settings. Select BasicAuth to authenticate the client using a user ID and password. The client must specify a valid user ID and password in the server user registry.
Note: You can select multiple login configurations, which means that different types of security information might be received at the server. The order in which the login configurations are added decides the order in which they are processed when a request is received. This can cause problems if you have multiple login configurations added that have security tokens in common. For example, ID assertion contains a BasicAuth token. For ID assertion to work properly, list ID assertion ahead of BasicAuth in the processing list so the BasicAuth processing does not override the IDAssertion processing.
Next, use the Web Services Editor to specify how the BasicAuth authentication information is validated:
Click the Binding Configurations tab.
Expand the Request Receiver Binding Configuration Details --> Login Mapping settings.
Click Edit to view the login mapping information or click Add to add new login mapping information. The login mapping dialog appears.
Select or enter the following information:
Name | Purpose |
---|---|
Authentication method | The authentication method specifies the type of authentication that occurs. Select BasicAuth to use basic authentication. |
Configuration name | This specifies the Java Authentication and Authorization Service (JAAS) login configuration name. For the BasicAuth authentication method, enter WSLogin for the JAAS login configuration name. |
Use token value type | This option determines if you want to specify a custom token type. For the default authentication method selections, you do not need to specify this option. |
Token value type URI and Token value type URI local name | When you select BasicAuth, you cannot edit the token value type URI and local name values. These values are specified for custom authentication types. For BasicAuth authentication, you do not need to enter any information for these fields. |
Callback handler factory class name | This class name creates a JAAS CallbackHandler implementation that supports the following callbacks:
For any of the default authentication methods (BasicAuth, ID assertion, and Signature), use the callback handler factory default implementation. Enter the following class name for any of the default Authentication methods including BasicAuth: com.ibm.wsspi.wssecurity.auth.callback. WSCallbackHandlerFactoryImpl. This implementation creates the correct callback handler for the default implementations. |
Callback handler factory property name and Callback handler factory property value | This property is used to specify callback handler properties for custom callback handler factory implementations. You do not need to specify any properties for the default callback handler factory implementation. For BasicAuth, you do not need to enter any property values. |
Login mapping property name and Login mapping property value | This property is used to specify properties for a custom login mapping to use. For the default implementations including BasicAuth, you do not need to enter any property values. |
Save the file.