Use this page to specify the name of the Java Authentication
and Authorization Service (JAAS) configuration that is defined in the JAAS
login panel.
Complete the following steps to access this page on the server level:
- Click server_name.
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using Websphere Application
Server version 6.1 or earlier, click
Web services: Default bindings
for Web services security.
mixv
- Under JAX-RPC Default Consumer Bindings, click Token
consumers > token_consumer_name or click New to
create a new token consumer.
- Under Additional properties, click JAAS configuration.
![[Version 6 only]](../../v6plusapp.gif)
Complete the following steps to access this page on the
application level:
- Click application_name.
- Under Modules, click Manage modules > URI_name.
- Under Web Services Security Properties, you can access the JAAS configuration
settings for the following bindings:
- For the Response consumer (receiver) binding, click Web services: Client
security bindings. Under Response consumer (receiver) binding, click Edit
custom. Under Required properties, click Token consumers > token_consumer_name or
click New to create a new token consumer. Under Additional properties,
click JAAS configuration.
- For the Request consumer (receiver) binding, click Web services: Server
security binding. Under Request consumer (receiver) binding, click Edit
custom. Under Required properties, click Token consumers > token_consumer_name or
click New to create a new token consumer. Under Additional properties,
click JAAS configuration.
Important: If you create a new token consumer, you must click Apply before
you can proceed to the JAAS configuration.
Specifies the name of the JAAS system or application login configuration.
Do not remove the predefined system or application login configurations.
However, within these configurations, you can add module class names and specify
the order in which the application server loads each module.
Preconfigured system login configurations
The following
predefined system login configurations are defined on the system logins panel,
which is accessible by completing the following steps:
- Click Security >
Global security.
- Expand Java Authentication and Authorization Service, click System
logins.
- system.wssecurity.IDAssertionUsernameToken
- Enables a Version 6.x application to use identity assertion to map a user
name to an application server credential principal.
- system.wssecurity.IDAssertion
- Enables a Version 5.x application to use identity assertion to map a user
name to an application server credential principal.
- system.wssecurity.Signature
- Enables a Version 5.x application to map a distinguished name (DN) in
a signed certificate to an application server credential principal.
- system.LTPA_WEB
- Processes login requests used by the Web container such as servlets and
JavaServer Pages (JSP) files.
- system.RMI_OUTBOUND
- Processes RMI requests that are sent outbound to another server when either
the com.ibm.CSI.rmiOutboundLoginEnabled or the com.ibm.CSIOutboundPropagationEnabled
properties are true. These properties are set in the Common Secure
Interoperability Version 2 (CSIv2) authentication panel.
To access
the panel, click Security > Global security. Epand
RMI/IIOP security, click CSIv2 Outbound authentication. To set the
com.ibm.CSI.rmiOutboundLoginEnabled property, select the Custom outbound
mapping option. To set the com.ibm.CSIOutboundPropagationEnabled property,
select the Security attribute propagation option.
- system.wssecurity.509BST
- Verifies an .509 binary security token (BST) by checking the validity
of the certificate and the certificate path.
- system.wssecurity.PKCS7
- Verifies an .509 certificate with a certificate revocation list in a Public
Key Cryptography Standards #7 (PKCS7) object.
- system.wssecurity.PkiPath
- Verifies an .509 certificate with a public key infrastructure (PKI) path.
- system.wssecurity.UsernameToken
- Verifies basic authentication (user name and password).
Application login configurations
The following predefined
application login configurations are defined on the Application logins panel,
which is accessible by completing the following steps:
- Click Security >
Global security.
- Expand Java Authentication and Authorization Service, click Application
logins.
- ClientContainer
- Specifies the login configuration that is used by the client container
application. This application uses the CallbackHandler API that is defined
in the deployment descriptor of the client container.
- WSLogin
- Specifies whether all applications can use the WSLogin configuration to
perform authentication for the application server security run time.
- DefaultPrincipalMapping
- Specifies the login configuration that is used by Java 2
Connectors (J2C) to map users to principals that are defined in the J2C authentication
data entries.