About this task
You can choose either stateful or stateless security.
Performance is optimum when choosing stateful sessions. The first method request
between this server and the downstream server is authenticated. All subsequent
requests reuse the session information, including the credential. A unique
session entry is defined as the combination of a unique client authentication
token and an identity token, scoped to the connection.
Example
Typically, the outbound authentication configuration is for an upstream
server to communicate with a downstream server. Most likely, the upstream
server is a servlet server and the downstream server is an Enterprise JavaBeans
(EJB) server. On a servlet server, the client authentication that is performed
to access the servlet can be one of many different types of authentication,
including client certificate and basic authentication. When receiving basic
authentication data, whether through a prompt login or a form-based login,
the basic authentication information is typically authenticated to from a
credential of the mechanism type that is supported by the server, such as
the Lightweight Third Party Authentication (LTPA). When LTPA is the mechanism,
a forwardable token exists in the credential. Choose the message layer (BasicAuth) authentication to propagate the client credentials.
If the credential is created using a certificate login and you want to preserve
sending the certificate downstream, you might decide to go outbound with identity
assertion.
What to do next
Save the configuration and restart the server for the changes to
take effect.