Use this page to specify the features that a server supports when acting as a client to another downstream server.
To view this administrative console page, click Security > Authentication Protocol > CSI Outbound Authentication.
Authentication features include two layers of authentication that you can use simultaneously. The message layer for z/OS is empty.
Note: Although basic authentication appears on this panel, this feature is not available in WebSphere Application Server for z/OS.
Configuration tab
Typically, client certificate authentication has a higher performance than message layer authentication, but requires some additional setup steps. These additional steps include verifying that this server has a personal certificate and that the downstream server has the signer certificate of this server.
If you select client certificate authentication, decide whether it is required or supported. Select Required to indicate that this server can only connect to downstream servers with client certificate authentication also configured. Select Supported to indicate that this server performs client certificate authentication with any downstream server, but might not use client certificate authentication depending on whether it is supported by the downstream server. Select Never to indicate that this client does not perform client certificate authentication to any downstream server. This limitation prevents access to any downstream server that requires client certificate authentication.
Data type: | String |
The identity asserted is the client identity. If there are multiple identity types to assert, the identity is asserted in the following order: client certificate, distinguished name (DN), Service Access Facility (SAF) user ID. The receiving server receives the identity in an identity token with an empty client authentication token. The Secure Sockets Layer (SSL) certificate of the server serves as the identity of the server to the receiving server.
Data type: | String |