WebSphere Application Server Version 6.1 Feature Pack for Web Services
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows


Example 2: Configuring basic authentication, identity assertion, and client certificates

This example is the same as example 1, except for the interaction from client C2 to server S2. Therefore, the configuration of example 1 is still valid, but you must modify server S2 slightly and add a configuration for client C2. The configuration for C1 and S1 is not modified.

About this task

Procedure

  1. Configure client C2 for transport layer authentication (Secure Sockets Layer (SSL) client certificates).
    1. Point the client to the sas.client.props file.

      [AIX HP-UX Linux Solaris Windows] Use the com.ibm.CORBA.ConfigURL=file:/C:/was/properties/sas.client.props property. All further configuration involves setting properties within this file.

      [i5/OS] Use the com.ibm.CORBA.ConfigURL=file:/profile_root/properties/sas.client.props property. The profile_root variable is the specific profile that you are working with. All further configuration involves setting properties within this file.

    2. Enable SSL.
      In this case, SSL is supported but not required:

      com.ibm.CSI.performTransportAssocSSLTLSSupported=true
      com.ibm.CSI.performTransportAssocSSLTLSRequired=false

    3. Disable client authentication at the message layer.

      com.ibm.CSI.performClientAuthenticationRequired=false
      com.ibm.CSI.performClientAuthenticationSupported=false

    4. Enable client authentication at the transport layer where it is supported, but not required.

      com.ibm.CSI.performTLClientAuthenticationRequired=false
      com.ibm.CSI.performTLClientAuthenticationSupported=true

  2. Configure the server, S2.

    In the administrative console, server S2 is configured so that incoming requests support SSL client authentication and identity assertion. Configuration for outgoing requests is not relevant for this example.

    You can mix and match these configuration options. However, when more than one authentication feature is present, the following order of precedence determines which one becomes the identity in the received credential:
      1. Identity assertion
      2. Message-layer client authentication (basic authentication or token)
      3. Transport-layer client authentication (SSL certificates)

    1. Enable identity assertion.
    2. Disable user ID and password authentication.
    3. Enable SSL.
    4. Enable SSL client authentication.
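
A way to check the client C2 settings from step 1 before deploying the file. This is an added example, not IBM code: the property names and expected values are those listed in step 1, while the function names, the minimal parser, and the sample input are assumptions made for illustration.

```python
# Added example: audit sas.client.props text against the client C2 settings.
# Property names and values come from this page; sample inputs are constructed.
EXPECTED_C2 = {
    "com.ibm.CSI.performTransportAssocSSLTLSSupported": "true",
    "com.ibm.CSI.performTransportAssocSSLTLSRequired": "false",
    "com.ibm.CSI.performClientAuthenticationRequired": "false",
    "com.ibm.CSI.performClientAuthenticationSupported": "false",
    "com.ibm.CSI.performTLClientAuthenticationRequired": "false",
    "com.ibm.CSI.performTLClientAuthenticationSupported": "true",
}
SSL_SUPPORTED = "com.ibm.CSI.performTransportAssocSSLTLSSupported"
TL_AUTH_SUPPORTED = "com.ibm.CSI.performTLClientAuthenticationSupported"

def parse_props(text):
    """Minimal parser: 'key=value' lines, '#' or '!' comments, no continuations."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_c2(text):
    """Return a list of findings; an empty list means the text matches C2."""
    props = parse_props(text)
    findings = []
    for key, want in EXPECTED_C2.items():
        got = props.get(key)
        if got is None:
            findings.append(f"missing: {key}")
        elif got.lower() not in ("true", "false"):
            # e.g. 'true,': a trailing comma is part of the value in a properties file
            findings.append(f"not a boolean: {key}={got!r}")
        elif got.lower() != want:
            findings.append(f"mismatch: {key}={got} (expected {want})")
    # A client certificate can only be presented over an SSL connection.
    if props.get(TL_AUTH_SUPPORTED, "").lower() == "true" \
            and props.get(SSL_SUPPORTED, "").lower() != "true":
        findings.append("dependency: TL client authentication needs SSL supported")
    return findings

# Constructed sample: C2 settings with two mistakes (trailing comma, message-layer auth on).
SAMPLE_BAD = "\n".join(f"{k}={v}" for k, v in EXPECTED_C2.items()) \
    .replace("SSLTLSSupported=true", "SSLTLSSupported=true,") \
    .replace("ClientAuthenticationSupported=false", "ClientAuthenticationSupported=true")

if __name__ == "__main__":
    for finding in audit_c2(SAMPLE_BAD):
        print(finding)
```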




Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/tsec_scenario2.html