Why and when to perform this task
By default, when WebSphere Application Server makes an outbound request from one server to another server in a different security realm, the request is rejected. This request is rejected to protect against a rogue server reading potentially sensitive information if successfully impersonating the home of the object. The following alternatives are available to enable one server to send outbound requests to a target server in a different realm:Steps for this task (dependent on configuration)
The Example: Sample login configuration for RMI_OUTBOUND shows a custom login module that determines whether the realm names match. In this example, the realm names do not match so the WSLoginmodule is used to create a basic authentication Subject based on custom mapping rules. The custom mapping rules are specific to the customer environment and must be implemented using a realm to user ID and password mapping utility.
<entries xmi:id="JAASConfigurationEntry_2" alias="WSLogin">
<loginModules xmi:id="JAASLoginModule_2"
moduleClassName="com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy"
authenticationStrategy="REQUIRED">
<options xmi:id="Property_2" name="delegate"
value="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"/>
<options xmi:id="Property_3" name="use_realm_callback" value="true"/>
<options xmi:id="Property_4" name="use_appcontext_callback" value="true"/>
</loginModules>
</entries>
Related tasks
Implementing a custom authentication token
Administering security
Related reference
Custom login module development for a system login configuration