Use this page to configure the encryption and decryption parameters.
Important: There is an important distinction between Version 5.x
and Version 6 and later applications. The information in this article supports
only Version 5.x applications that are used with WebSphere Application Server
Version 6.0.x and later. The information does not apply to Version 6.0.x and
later applications.
The pluggable token uses the Java Authentication and Authorization Service
(JAAS) CallbackHandler (javax.security.auth.callback.CallbackHandler) interface
to generate the token that is inserted into the message. The following list
describes the callback support implementations:
- com.ibm.wsspi.wssecurity.auth.callback.BinaryTokenCallback
  - This implementation is used for generating binary tokens inserted as <wsse:BinarySecurityToken/@ValueType> in
    the message.
- javax.security.auth.callback.NameCallback and javax.security.auth.callback.PasswordCallback
  - This implementation is used for generating user name tokens inserted as <wsse:UsernameToken> in
    the message.
- com.ibm.wsspi.wssecurity.auth.callback.XMLTokenSenderCallback
  - This implementation is used to generate Extensible Markup Language (XML)
    tokens, which are inserted as the <SAML:Assertion> element in the
    message.
- com.ibm.wsspi.wssecurity.auth.callback.PropertyCallback
  - This implementation is used to obtain properties that are specified in
    the binding file.
To view this administrative console page, complete the following steps:
- Click Applications > Enterprise Applications > application_name.
- Under Related Items, click EJB modules or Web
modules > URI_file_name > Web Services: Client security bindings.
- Under Request Sender Bindings, click Edit.
- Under Additional properties, click Login binding.
If the encryption information is not available, select None.
If the encryption information is available, select Dedicated login binding and
specify the configuration in the following fields:
Specifies the unique name for the authentication method.
You can use any string to name the authentication method. However, the
string must match the element in the server-level configuration. The following
words are reserved by WebSphere Application Server:
- BasicAuth
  - This method uses both a user name and a password.
- IDAssertion
  - This method uses a user name, but it requires that additional trust is
    established by the receiving server using a trusted ID evaluator mechanism.
- Signature
  - This method uses the distinguished name (DN) of the signer.
- LTPA
  - This method validates the token.
Specifies the namespace Uniform Resource Identifiers (URI), which
denotes the type of security token that is accepted.
The value of this field is affected by the following conditions:
- If binary security tokens are accepted, the value denotes the ValueType
attribute in the element. The ValueType element identifies the type of security
token and its namespace.
- If Extensible Markup Language (XML) tokens are accepted, the value denotes
the top-level element name of the XML token.
- The Token type URI field is ignored if the reserved words, which are listed
in the description of the Authentication method field, are specified.
This information is inserted as <wsse:BinarySecurityToken>/ValueType for
the <SAML:Assertion> XML token.
Specifies the local name of the security token type. For example,
X509v3.
The value of this field is affected by the following conditions:
- If binary security tokens are accepted, the value denotes the ValueType
attribute in the element. The ValueType element identifies the type of security
token and its namespace.
- If Extensible Markup Language (XML) tokens are accepted, the value denotes
the top-level element name of the XML token.
- The Token type URI field is ignored if the reserved words, which are listed
in the description of the Authentication method field, are specified.
This information is inserted as <wsse:BinarySecurityToken>/ValueType for
the <SAML:Assertion> XML token.