Selecting an authentication mechanism

Information about users and groups resides in a user registry. In WebSphere Application Server, a user registry authenticates a user and retrieves information about users and groups to perform security-related functions, including authentication and authorization.

About this task

[z/OS] Implementation is provided to support multiple operating system or operating environment-based user registries such as z/OS System Authorization Facility (SAF) registry and most of the major Lightweight Directory Access Protocol (LDAP)-based user registries. You can use the custom LDAP feature to support any LDAP server by setting up the correct configuration (user and group filters). However, support is not extended to these custom LDAP servers because there are many possibilities that cannot be tested.

[AIX HP-UX Linux Solaris Windows] Implementation is provided to support multiple operating system or operating environment-based user registries and most of the major Lightweight Directory Access Protocol (LDAP)-based user registries. You can use the custom LDAP feature to support any LDAP server by setting up the correct configuration (user and group filters). However, support is not extended to these custom LDAP servers because there are many possibilities that cannot be tested.

The next step in setting up security is to select an authentication mechanism. An authentication mechanism defines rules about security information. For example, the authentication mechanism determines whether a credential is forwardable to another Java process. The authentication mechanism defines the format of how security information is stored in both credentials and tokens. Authentication is the process of establishing whether a client is valid in a particular context. A client can be either an end user, a machine, or an application.

[z/OS] An authentication mechanism in WebSphere Application Server typically collaborates closely with a user registry. The user registry is the user and group accounts repository that the authentication mechanism consults when performing authentication. The authentication mechanism is responsible for creating a credential, which is an internal product representation of a successfully authenticated client user. Not all credentials are created equal. The abilities of the credential are determined by the configured authentication mechanism.

Although the Application Server provides several authentication mechanisms, only a single active authentication mechanism can be configured at one time. The active authentication mechanism is selected when configuring WebSphere Application Server global security. The following steps explain how to select the authentication mechanism that you want to use for your configuration.

Procedure

  1. Click Security > Global security.
  2. Under Authentication, expand Authentication mechanisms.
  3. Click the name of the authentication method that you want to use. Depending upon your product and platform, different authentication mechanisms are available.
    [z/OS] To use Simple WebSphere Authentication Mechanism (SWAM), no setup is needed as it is the default authentication mechanism.
    Restriction: SWAM is only valid in a base installation. It is not supported for WebSphere Application Server Network Deployment.

    To use Lightweight Third Party Authentication (LTPA) as your authentication mechanism, see Configuring the Lightweight Third Party Authentication mechanism.

    [z/OS] To use Integrated Cryptographic Services Facility (ICSF) as your authentication mechanism, see Configuring ICSF as the authentication mechanism.
    Note: In future releases, IBM intends to deprecate the ICSF authentication mechanism. It is recommended that you migrate to LTPA. For more information on LTPA, see Lightweight Third Party Authentication.

What to do next

For more information on how to configure global security, see Enabling security for all application servers.




Last updated: Aug 29, 2010 9:31:45 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-mp&topic=tsecauthentication
File name: tsec_authentication.html