Caller settings

Use this page to configure the caller settings. The caller specifies the token or message part that is used for authentication.

You can configure custom bindings for tokens and message parts that are required by the policy set. To view this administrative console page when you are configuring custom bindings for tokens and message parts that are required by the policy set, complete the following actions:
  1. Click Applications > Enterprise applications .
  2. Select an application that contains Web services. The application must contain a service provider or a service client.
  3. Click the Service provider policy sets and bindings link in the Web Services Properties section. The caller settings are available only for the service provider policy sets and bindings. The caller settings are not available for service client policy sets and bindings.
  4. Select a binding. You must have previously attached a policy set and assigned a custom binding.
  5. Click the WS-Security policy in the Policies table.
  6. Click the Caller link in the Main message security policy bindings section.
  7. Click New.

Name

Specifies the name of the caller to use for authentication. Enter a caller name in this required field. This arbitrary name identifies this caller setting.

Default String

Caller identity local part

Specifies the local name of the caller to use for authentication. Enter a caller identity local name in this required field.

See the Caller identity namespace URI field description for a list of possible values

Default String

Caller identity namespace URI

Specifies the uniform resource identifier (URI) of the caller to use for authentication. Enter a caller URI in this field.

The following table provides a list of the Caller identity local part and the Caller identity namespace URI field values as applicable. A Caller identity namespace URI value is not needed unless it is otherwise specified in the table.
Table 1. Possible values for the caller identity
Token type Caller identity local part Caller identity namespace URI
Username token 1.0 http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken  
Username token 1.1 [Updated in October 2011] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken [Updated in October 2011]
oct2011
 
X509 certificate token http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509  
X509 certificates in a PKIPath http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1  
A list of X509 certificates and CRLs in a PKCS#7 http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#PKCS7  
LTPA token LTPA http://www.ibm.com/websphere/appserver/tokentype/5.0.2
LTPA propagation token LTPA_PROPAGATION http://www.ibm.com/websphere/appserver/tokentype
Note: If you specify a custom value type for a custom token, you must specify the Caller identity local part and Caller identity namespace URI values. For example, you might enter Custom in the Caller identity local part value field and http://www.ibm.com/custom in the Caller identity namespace URI field.

Use identity assertion

Specifies whether identity assertion is used when authenticating.

Select this check box if you want to use identity assertion. When you select this checkbox, the Trusted identity local name and Trusted identity namespace URI fields are enabled.

Default Disabled

Trusted identity local name

Specifies the trusted identity local name when the identity assertion is used.

If you select the Use identity assertion option and a trust token exists in the WS-Security policy, you must provide a value for the Trusted identity local name field for the bindings to work properly.

Trusted identity namespace URI

Specifies the trusted identity uniform resource identifier (URI).

Callback handler

Specifies the class name of the callback handler. Enter the class name of the callback handler in this field.

If you provide a value for the Trusted identity local name field and you do not set the token consumer for the trust token to Trust any certificate, then you must set the value in this Callback handler field to com.ibm.ws.wssecurity.impl.auth.callback.TrustedIdentityCallbackHandler.

When you provide a callback handler name, you must specify the trusted identities as callback handler custom properties. For example:
property name="trustedId_0", value="CN=Bob,O=ACME,C=US"
property name="trustedId_1", value="user1"

JAAS login

Specifies the Java Authentication and Authorization Service (JAAS) application login. Select a callback handler from the menu or click New Application Login to create a new configuration.

Custom properties – Name

Specifies the name of the custom property.

Custom properties are not initially displayed in this column. Select one of the following actions for custom properties:

Button Resulting Action
New Creates a new custom property entry. To add a custom property, enter the name and value.
Edit Specifies that you can edit the custom property value. At least one custom property must exist before this option is displayed.
Delete Removes the selected custom property.

Custom properties – Value

Specifies the value of the custom property that you want to use. Use the Value field to add, edit, or delete the value for a custom property.




Related tasks
Managing policy sets using the administrative console
Related reference
Caller collection
Defining binding information for policy sets
Reference topic Reference topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=uwbs_wsspsbcal
File name: uwbs_wsspsbcald.html