[Version 5.0.2 and later]Enabling proxy authentication for the gateway

The gateway requires access to the Internet for invoking Web services and for retrieval of WSDL files. Many enterprise installations use a proxy server in support of Internet routing, and many proxy servers require authentication before they grant access to the Internet.

Why and when to perform this task

This requirement is supported in HTTP messaging by a Proxy-Authorization message header that contains encoded user name and password credentials.

For messages passing through the gateway, you can enable and disable proxy authentication, and specify whether the authentication credentials are supplied by the service requester or by the gateway. If you specify requester-supplied credentials, the credentials in the HTTP message that the gateway receives are re-instantiated by the gateway in the equivalent message that it sends on to the proxy. If you specify gateway-supplied credentials, the gateway ignores any credentials in the incoming HTTP message and supplies its own credentials in the equivalent message that it sends on to the proxy.

In certain circumstances, the gateway also creates and sends its own messages (for example for WSDL retrieval). In these cases the gateway always supplies its own credentials to the authenticating proxy. Therefore even if you enable proxy authentication and specify requester-supplied credentials, you must still supply credentials for the gateway.

To enable proxy authentication for the gateway, complete the following steps:

Steps for this task

  1. Display the Web services gateway administrative user interface.
  2. In the navigation pane, click the following link:

    Gateway

    • Configure

    The gateway configuration form is displayed:The Web services gateway configuration page

    Note: You also use the gateway configuration form to set the namespace URI and WSDL URI for the Web services gateway.

  3. Enable the Enable proxy authentication check box.
  4. In the Proxy user field, type the proxy user name for the gateway.

    Note: If you enable proxy authentication then this field is compulsory, even if you also specify requester-supplied credentials as described in a subsequent step.

  5. In the Proxy password field, type the associated proxy password for the gateway.

    Note: If you enable proxy authentication then this field is compulsory, even if you also specify requester-supplied credentials as described in the next step.

  6. To set the Use Gateway proxy credentials for invoking WebServices check box, complete one of the following two steps:
    1. To use requester-supplied credentials, clear the Use Gateway proxy credentials check box.

      With this setting, each incoming message to the gateway from a service requester is expected to contain a valid Proxy-Authorization HTTP message header. This header is re-instantiated by the gateway in the equivalent message that it sends to the proxy.

      For gateway-initiated messaging, such as WSDL retrieval, the gateway supplies its own credentials in the HTTP messages that it sends to the proxy.

    2. To use gateway-supplied credentials, enable the Use Gateway proxy credentials check box.

      With this setting, a trust association is established between the gateway and the authenticating proxy. The gateway supplies its own credentials in all messages that it sends to the proxy, and no user name or password is required from service requesters for invoking Web services.

  7. Click Apply Changes.
  8. To provide the application server in which your gateway is running with machine details for the authenticating proxy and for any internal machines that do not require authentication, set system properties in the Java Virtual Machine (JVM) of WebSphere Application Server by completing the following steps:
    1. Start the WebSphere Application Server administrative server.
    2. Start the administrative console.
    3. In the navigation pane, select Application Servers > your_server_name > Process Definition > Java Virtual Machine > Custom Properties.
    4. Set the following properties:
      • http.proxySet - Set this to true to tell the application server that it is required to work with an authenticating proxy.
      • http.proxyHost - Set this to the machine name of the authenticating proxy.
      • http.proxyPort - Set this to the port through which the authenticating proxy is accessed. For example 8080
      • http.nonProxyHosts - List the internal machines for which authentication is not required for routing through the proxy. Separate each machine name in the list with a vertical bar (|).
      • This list must include the machine on which the gateway is installed.
    5. Save the settings.
    6. Stop then restart the application server.
    7. Close the administrative console.

Related tasks
Securing the Web services gateway
Enabling Web Services Security (WS-Security) for the gateway[Version 5.0.2 and later]
Enabling basic authentication and authorization for the gateway
Invoking Web services over HTTPS
Troubleshooting the Web services gateway



Searchable topic ID:   twsg_security_proxy
Last updated: Jun 21, 2007 4:55:42 PM CDT    WebSphere Application Server Network Deployment, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/twsg_security_proxy.html

Library | Support | Terms of Use | Feedback