Use this page to specify the Java Authentication and Authorization Service (JAAS) login configuration settings that are used to validate security tokens within incoming messages.
Specifies the method of authentication.
Specifies the name of the Java Authentication and Authorization Service (JAAS) configuration.
Do not remove these predefined system or application login configurations. Within these configurations, you can add module class names and specify the order in which WebSphere Application Server loads each module.
Specifies the name of the factory for the CallbackHandler class.
You must implement the com.ibm.wsspi.wssecurity.auth.callback.CallbackHandlerFactory class in this field.
Specifies the namespace Uniform Resource Identifiers (URI), which denotes the type of security token that is accepted.
If binary security tokens are accepted, the value denotes the ValueType attribute in the element. The ValueType element identifies the type of security token and its namespace. If Extensible Markup Language (XML) tokens are accepted, the value denotes the top-level element name of the XML token.
If the reserved words are specified previously in the Authentication method field, this field is ignored.
Data type: | Unicode characters except for non-ASCII characters, but including the number sign (#), the percent sign (%), and the square brackets ([ ]). |
Specifies the local name of the security token type, for example, X509v3.
If binary security tokens are accepted, the value denotes the ValueType attribute in the element. The ValueType attribute identifies the type of security token and its namespace. If Extensible Markup Language (XML) tokens are accepted, the value denotes the top-level element name of the XML token.
If the reserved words are specified previously in the Authentication method field, this field is ignored.
Specifies the time, in seconds, before the nonce timestamp expires. Nonce is a randomly generated value.
You must specify a minimum of 300 seconds for the Nonce maximum age field. However, the maximum value cannot exceed the number of seconds specified in the Nonce cache timeout field for either the server level or the cell level.
If you specify the BasicAuth method, but do not specify values for the Nonce maximum age field, the Web services security run time searches for a Nonce maximum age value on the server level. If a value is not found on the server level, the run time searches the cell level. If a value is not found on either the server level or the cell level, the default is 300 seconds.
Default | 300 seconds |
Range | 300 to Nonce cache timeout seconds |
Specifies the clock skew value, in seconds, to consider when WebSphere Application Server checks the freshness of the message. Nonce is a randomly generated value.
You must specify a minimum of zero (0) seconds for the Nonce Clock Skew field. However, the maximum value cannot exceed the number of seconds that is specified in the Nonce maximum age field on this Login mappings panel.
Default | 0 seconds |
Range | 0 to Nonce Maximum Age seconds |
Related concepts
Login mappings
Related reference
Login mappings collection