Use this page to view your server deployment descriptor settings.
Before you begin this task, the Web services application must be installed.
By completing this task, you can gather information that enables you to
maintain or configure binding information. After the Web services application
is installed, you can view the Web services deployment descriptors.
To view this administrative console page, complete the following steps:
- Click Applications > Enterprise applications > application_name.
- Under Related items, click EJB modules or Web modules > URI_file_name >
View Web services server deployment descriptor.
WebSphere
Application Server Network Deployment has three levels of bindings: application-level,
server-level, and cell-level. The information in the following implementation
descriptions indicate how to configure your application-level bindings. To
configure the server-level bindings, which are the defaults, complete the
following steps:
- Click Servers > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web services
security.
To configure the cell-level bindings, click Security
> Web services.
Request digital signature verification
If
the integrity constraints, which require a signature, are defined, verify
that you configured the signing information in the binding files.
To
configure the signing parameters, complete the following steps:
- Click Applications > Enterprise applications > application_name.
- Under Related items, click EJB modules or Web modules > URI_file_name > Web
services: Server security bindings.
- Under Request consumer (receiver) binding, click Edit custom > Signing
information.
To configure the trust anchor, complete the following steps:
- Click Servers > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web services
security.
- Under Additional properties, click Trust anchors.
To configure the collection certificate store, complete the following
steps:
- Click Servers > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web services
security.
- Under Additional properties, click Collection certificate store.
To configure the key locators, complete the following steps:
- Click Servers > Application servers > server_name.
- Under Security, click Web Services: Default bindings for Web services
security.
- Under Additional properties, click Key locators.
Request decryption
If the confidentiality
constraints (encryption) are specified, verify that the encryption information
is defined.
To configure the encryption information parameters, complete
the following steps:
- Click Enterprise applications > application_name.
- Under Related items, click EJB modules or Web modules > URI_name.
- Under Additional properties, click Web services: Server security bindings.
- Under Request consumer (receiver) binding, click Edit custom > Encryption
information.
To configure the key locators, complete the following steps:
- Click Servers > Application servers > server_name.
- Under Security, click Web Services: Default bindings for Web services
security.
- Under Additional properties, click Key locators.
Basic authentication
If
BasicAuth authentication
is configured as the required security token, specify the callback handler
in the binding file to collect the basic authentication data. The following
list contains callback support implementations:
- com.ibm.wsspi.wssecurity.auth.callback.GuiPromptCallbackHandler
- The implementation prompts for BasicAuth information (user name and password)
in an interface panel.
- com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
- This implementation reads the BasicAuth information from the binding file.
- com.ibm.wsspi.wssecurity.auth.callback.StdPromptCallbackHandler
- This implementation prompts for a user name and password using the standard
in (stdin) prompt.
To configure the login mapping information, complete
the following steps:
- Click Server > Application Servers > server_name.
- Under Security, click Web Services: Default bindings for Web services
security.
- Under Additional properties, click Login mappings.
Identity (ID) assertion authentication with
the BasicAuth TrustMode
Configure a login binding in the bindings
file with a com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
implementation. Specify a user name and password for basic authentication
that a TrustedIDEvaluator on a downstream server trusts.
To
configure the login mapping information, complete the following steps:
- Click Server > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web services
security.
- Under Additional properties, click Login mappings.
Identity (ID) assertion authentication
with the signature TrustMode
Configure the signing information in
the bindings file with a signing key that points to a key locator. The key
locator contains the X.509 certificate that is trusted by the downstream server.
To
configure the login mapping information, complete the following steps:
- Click Server > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web services
security.
- Under Additional properties, click Login mappings.
The Java Authentication and Authorization Service (JAAS) uses
WSLogin as
the name of the login configuration. To configure JAAS, complete the following
steps:
- Click Security > Secure administration, applications, and infrastructure.
- Under Authentication, click Java Authentication and Authorization Service
> Application logins.
The value of the <TrustedIDEvaluatorRef> tag in the binding
must match the value of the <TrustedIDEvaluator> name.
To configure
the trusted ID evaluators, complete the following steps:
- Click Servers > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web services
security.
- Under Additional properties, click Trusted ID evaluators.
Response signing
If the integrity
constraints (digital signature) are defined, verify that you have the signing
information configured in the binding files.
To specify the signing
information, complete the following steps:
- Click Applications > Enterprise applications > application_name.
- Under Related items, click EJB modules or Web modules > URI_file_name >
Web services: Server security bindings.
- In the Request receiver binding column, click Edit > Signing information.
To configure the key locators, complete the following steps:
- Click Servers > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web services
security.
- Under Additional properties, click Key locators.
Response encryption
If the confidentiality
constraints (encryption) are specified, verify that the encryption information
is defined.
To specify the encryption information, complete the following
steps:
- Click Enterprise applications > application_name.
- Under Related items, click EJB modules or Web modules.
- Under Additional properties, click Web services: Server security bindings.
- Under Request consumer (receiver) binding, click Edit custom > Encryption
information.
To configure the key locators, complete the following steps:
- Click Servers > Application servers > server_name.
- Under Security, click Web services: Default bindings for Web services
security.
- Under Additional properties, click Key locators.