You can configure digest authentication and Trust Association Interceptor
(TAI) for the Session Initiation Protocol (SIP).
Before you begin
To configure digest authentication and TAI on WebSphere Application
Server, you will need to:
- Install a supported LDAP server.
- If you want to use Lightweight Directory Access Protocol (LDAP), set
up and activate LDAP. For more information, see the section.
- To configure digest TAI to work without LDAP, complete these
steps:
  - Create a class that implements the interface: com.ibm.ws.sip.security.digest.DigestPasswordServer.
  - On the SIPDigestTaI custom property, enter these values for the Name and Value fields:
    - Name: DigestPasswordServerClass
    - Value: <impl class name>
  - Ensure that all users that implement the impl class are declared in the
    user registry configured for WebSphere Application Server security.
- You also may want to refer to the section Configuring a custom trust association interceptor for
more TAI information.
About this task
Complete the following procedure to configure digest authentication
and TAI on WebSphere Application Server:
Procedure
- To set up digest authentication, verify that Lightweight
Third Party Authentication (LTPA) is configured for use on your
server by selecting . In the Configuration tab
on the Authentication mechanisms and expiration page
you should see the Password field already filled in.
- In the administrative console, click .
- Under Authentication, expand Web
security and click on Trust association.
- On the Configuration tab, under General
properties, make sure the Enable trust association box
is checked. Then click Apply.
- On the Interceptors page of the administration
console look for com.ibm.ws.sip.security.digest.DigestTAI in
the Interceptor class name list:
- If this class name is not present, click New to
open the Configuration tab and enter com.ibm.ws.sip.security.digest.DigestTAI in
the Interceptor class name field and click Apply.
Then proceed to the following steps.
- If this interceptor class is present, you may proceed to set
up a realm in digest authentication. To do this, click :
- Click OK.
- Navigate through to the Configuration tab.
- In the Key generation section, click Generate
Keys. (No import or export of the key is necessary.)
- Under the Cross-cell single sign-on section fill in the Password fields.
- Fill in the Internal server ID field.
- Click OK.
- Click to .
- If the box Use Java 2 security to restrict application
access to local resources is checked, click to deselect it.
- In the User account repository section
of the page, select your LDAP registry from the Available realm
definitions drop-down box.
- Click Set as current and then click Apply.
- Save all changes.
- Restart the server.
- Be sure you see the following message appear in the SystemOut.log after
the server has restarted:
SECJ0121I: Trust Association Init class com.ibm.ws.sip.security.digest.DigestTAI loaded successfully
If this message does not appear in the log, digest authentication has
not been activated.
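
The log check in the last step can be scripted. The following is an added example, not IBM code: it reports whether SECJ0121I for DigestTAI was logged since the most recent server start, so that a message left over from an earlier start is not mistaken for success. It assumes that the "Start Display Current Environment" banner marks each start in SystemOut.log; the function name and the sample log lines are constructed for illustration.

```python
import re
import sys

# Assumption: WebSphere writes this banner to SystemOut.log at every JVM start.
START_BANNER = "Start Display Current Environment"
# Message ID and interceptor class name are taken from the page.
LOADED = re.compile(
    r"SECJ0121I: Trust Association Init class (\S+) loaded successfully")
DIGEST_TAI = "com.ibm.ws.sip.security.digest.DigestTAI"


def digest_tai_status(lines):
    """Return 'active', 'stale' or 'missing' for the DigestTAI load message.

    'active'  - SECJ0121I for DigestTAI was logged since the latest start
    'stale'   - only an earlier start logged it, so the current one did not
    'missing' - the message is not in the log at all
    """
    seen_before = seen_current = False
    for line in lines:
        if START_BANNER in line:
            # A new server start: anything seen so far belongs to an old run.
            seen_before = seen_before or seen_current
            seen_current = False
            continue
        m = LOADED.search(line)
        if m and m.group(1) == DIGEST_TAI:
            seen_current = True
    if seen_current:
        return "active"
    return "stale" if seen_before else "missing"


# Constructed sample log: the first start loads DigestTAI, the second does not.
SAMPLE = """\
************ Start Display Current Environment ************
[1/10/24 9:00:01:100 EST] 00000001 TrustAssociat A   SECJ0121I: Trust Association Init class com.ibm.ws.sip.security.digest.DigestTAI loaded successfully
[1/10/24 9:00:09:500 EST] 00000001 WsServerImpl  A   WSVR0001I: Server server1 open for e-business
************ Start Display Current Environment ************
[1/11/24 8:30:02:200 EST] 00000001 WsServerImpl  A   WSVR0001I: Server server1 open for e-business
""".splitlines()

if __name__ == "__main__":
    # Usage: python check_digest_tai.py /path/to/SystemOut.log
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            status = digest_tai_status(fh)
    else:
        status = digest_tai_status(SAMPLE)
    print(status)
    sys.exit(0 if status == "active" else 1)
```

A result of stale means the interceptor loaded on a previous start but not on the current one, which usually points to a configuration change that was saved after the last successful start.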