You can configure digest authentication for Oracle Internet Directory,
an implementation of the Lightweight Directory Access Protocol (LDAP) that
uses the Oracle database as a repository for directory entries.
Before you begin
To configure digest authentication for
Oracle Internet Directory,
you will need to:
- Install Oracle Internet Directory version 9.0.2.
- Set up and activate Lightweight Third Party Authentication. For more information,
see the section.
- You also may want to refer to the section Configuring a custom trust association interceptor for
more TAI information.
About this task
Complete the following procedure to configure digest authentication
for Oracle Internet Directory on WebSphere Application Server:
Procedure
- To set up digest authentication, verify that Lightweight
Third Party Authentication (LTPA) is configured for use on your
server by selecting . In the Configuration tab
on the Authentication mechanisms and expiration page
you should see the Password field already filled in.
- In the administrative console, click .
- Under Authentication, expand Web
security and click on Trust association.
- On the Configuration tab, under General
properties, make sure the Enable trust association box
is checked. Then click Apply.
- On the Interceptors page of the administration
console look for com.ibm.ws.sip.security.digest.DigestTAI in
the Interceptor class name list:
- If this class name in not present, click New to
open the Configuration tab and enter com.ibm.ws.sip.security.digest.DigestTAI in
the Interceptor class name field and click Apply.
Then proceed to the following steps.
- If this interceptor class is present, you may set up custom
properties for it. To do this, click :
- Click OK.
- Navigate through to the Configuration tab.
- In the Key generation section, click Generate
Keys. (No import or export of the key is necessary.)
- Under the Cross-cell single sign-on section fill in the Password fields.
- Fill in the Internal server ID field.
- Click OK.
- Click to .
- If the box Use Java 2 security to restrict application
access to local resources is checked, then Java 2 security is
enabled. Click the box if you want to disable Java 2 security.
- In the User account repository section
of the page, select your LDAP registry from the Available realm
definitions drop-down box.
- Click Set as current and then clickApply.
- Save all changes.
- Restart the server.
- Be sure you see the following message appear in the SystemOut.log after
the server has restarted:
SECJ0121I: Trust Association Init class
com.ibm.ws.sip.security.digest.DigestTAI loaded successfully
If
this message does not appear in the log, digest authentication has not been
activated.