By default, when WebSphere® Application Server makes an outbound request from one server to another server in a different security realm, the request is rejected. This topic details alternatives for enabling one server to send outbound requests to a target server in a different realm.
The Example: Sample login configuration for RMI_OUTBOUND shows a custom login module that determines whether the realm names match. In this example, the realm names do not match so the WSLoginmodule is used to create a basic authentication Subject based on custom mapping rules. The custom mapping rules are specific to the customer environment and must be implemented using a realm to user ID and password mapping utility.
<entries xmi:id="JAASConfigurationEntry_2" alias="WSLogin">
<loginModules xmi:id="JAASLoginModule_2"
moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
authenticationStrategy="REQUIRED">
<options xmi:id="Property_2" name="delegate"
value="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"/>
<options xmi:id="Property_3" name="use_realm_callback" value="true"/>
<options xmi:id="Property_4" name="use_appcontext_callback" value="true"/>
</loginModules>
</entries>