InfoCenter Home >
6: Administer applications >
6.6: Tools and resources quick reference >
6.6.18: Securing applications >
6.6.18.1: Securing applications with the Java administrative console >
6.6.18.1.4a.3: Authentication Mechanism settings of the Configure Global Settings task
- Local Operating System
- Specifies that information will be authenticated with the underlying operating
system's user registry. Usually, such registries apply basic authentication,
checking a user ID and password.
This selection influences the fields displayed on
subsequent tabbed pages. If the administrator enables authentication by the Local Operating
System, some properties described in this file will not be displayed
because they do not apply to that situation.
If using a Windows-based operating system belonging to a domain,
see the note about configuring permissions.
- Lightweight Third Party Authentication (LTPA)
- Specifies that basic or certificate authentication will be used to authenticate
the user with an LDAP directory service. If you select LTPA, provide
additional information:
- Token Expiration: Specifies how many minutes can pass before
a client using an LTPA token must authenticate again. LTPA uses tokens
to store the authenticated status of a client.
Legal Values:
- A positive integer indicates the token life, in minutes
- Generate Keys: Specifies whether the LTPA mechanism
should generate a new set of encrypted keys right now. When prompted
for a password, supply a string that is used by the underlying key
generation mechanism.
When the administrator selects LTPA as the authentication mechanism, encryption keys
are generated automatically. The administrator need not click this
button unless he or she would like those initial keys to be replaced by new keys.
- Import from File: Specifies whether to import a file containing
the encryption keys. This allows IBM WebSphere Application Server to
share keys from other IBM products
that support this functionality.
If the administrator specified a
password when he or she created the key file,
the administrator will be prompted for that password when he or she tries
to import the key file.
- Export to File: Specifies whether to export a file containing the
encryption keys. This allows IBM WebSphere Application Server to
share the keys with other IBM products
that support this functionality.
- Enable Single Sign On: Enabling Single Sign On (SSO) tells LTPA to store
extra information in the tokens so that other applications can accept
clients as already authenticated by WebSphere Application Server. When
clients try to access the other applications, they will not be interrupted
and asked to log in.
- Domain: Restrict SSO to servers in the domain you specify
in this field.
- Limit to SSL connections only
Specifies to use a connection with SSL for Single Sign On, to prevent
the SSO token from flowing over non-secure connections.
WebSphere Application Server Version 3.5 introduces support for
Single Sign On with Domino Server. WebSphere Application Server can
import and export keys and provide a Single Sign On between
the WebSphere Application Server and Domino environments.
|
|