You use the WebSphere® Application Server administrative console
to configure the Rivest Shamir Adleman (RSA) token authentication mechanism.
The RSA token authentication mechanism can only be used for administrative
requests. As such, the authentication mechanism choices for administrative
authentication are part of the Global Security panel of the administrative
console.
Before you begin
The RSA token authentication mechanism is the default selection for the
application server, administrative agent, and job manager profiles. LTPA is
still the default for the deployment manager profile to preserve the same
behavior for the existing topology.
About this task
You configure Lightweight Third-Party Authentication (LTPA) and Kerberos,
as well as RSA token authentication, on the main authentication mechanism
panels of the administrative console. During registration of a base
profile with the administrative agent, the trusted certificates on both sides
are updated with the root signer for the other. The same process occurs
during registration of an administrative agent or deployment manager with
a job manager. When the registration is removed, the trusted signers are removed
from both sides so that trust is no longer established.
By default, the RSA mechanism is set up correctly during the registration
tasks, such as registerNode or registerWithJobManager.
No further actions are necessary to establish trust within these environments.
However, if you need to establish trust between two base servers or between
two admin agents, for example, you can use the following steps to further
configure the RSA token authentication mechanism:
Procedure
- Click Security > Global security. Under Administrative
security, click the link to Administrative authentication.
- Select the RSA token radio button. Select a data encryption keystore
from the drop-down list. The option is recommended for flexible systems
administration.
- Select the trusted signers keystore from the drop-down list.
- Enter the nonce cache timeout value.
- Enter the token timeout value.
- Click Apply and Save.
Results
You configured the use of the RSA token authentication mechanism.