Enable the system configuration for generic login modules

To use generic security token login module features, you must update profiles with new Java Authentication and Authorization Service (JAAS) login configuration settings.

Before you begin

Before you update existing application server profiles to use the generic login modules feature, you must install WebSphere® Application Server Version 7.0.0.11 on all nodes.

About this task

Complete the following steps to configure the product for generic login modules.

Procedure

  1. Update the system JAAS login configurations.

    Use the addSamlLoginConfigs.py script to add the wss.generate.issuedToken and wss.consume.issuedToken system JAAS login configurations, which are used by the generic security token login modules, to the cell scope security configuration document. The script is located in the app_server_root/bin/ directory. Run the following command to update the system JAAS login configurations:

    wsadmin.sh -conntype NONE -lang jython -f app_server_root/bin/addSamlLoginConfigs.py
    wsadmin.bat -conntype NONE -lang jython -f app_server_root\bin\addSamlLoginConfigs.py

    In the example, app_server_root is the location of your application server installation.

    To verify that the JAAS login configurations for the generic login modules exist in your configuration, complete the following steps in the administrative console:
    1. Click Security > Global security.
    2. Expand Java Authentication and Authorization Service and click System logins.
    3. Verify that the list of login configurations includes the wss.generate.issuedToken and wss.consume.issuedToken configurations.
  2. Add the wss.generate.issuedToken and wss.consume.issuedToken login configurations to the wsjaas.conf and wsjaas_client.conf JAAS configuration files. These files exist in the profile_root/properties directory. Add the following entries to these JAAS configuration files:
    system.wss.generate.issuedToken {
        com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenGenerateLoginModule required;
    };
    
    system.wss.consume.issuedToken {
        com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenConsumeLoginModule required;
    };

    Supported configurations: The generic security token login module and the Security Assertion Markup Language (SAML) functions use the same addSamlLoginConfigs.py command script. With the generic security token login module functionality, this command script is enhanced to support both functions.

Results

The profiles are updated with new Java Authentication and Authorization Service (JAAS) login configuration settings.
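
The following check is an added example, not part of the IBM documentation: it parses the text of a JAAS configuration file and reports whether the two entries from step 2 are present with the required control flag. The function names and the sample text are constructed for illustration; pass it the paths of wsjaas.conf and wsjaas_client.conf in the profile_root/properties directory.

```python
import re

# Entry names and login module classes exactly as listed in step 2 of this page.
EXPECTED = {
    "system.wss.generate.issuedToken":
        "com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenGenerateLoginModule",
    "system.wss.consume.issuedToken":
        "com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenConsumeLoginModule",
}
ENTRY_RE = re.compile(r"([\w.]+)\s*\{(.*?)\}\s*;", re.S)
MODULE_RE = re.compile(r"([\w.$]+)\s+(required|requisite|sufficient|optional)\b[^;]*;", re.I)
# Matches quoted strings first so that "//" inside an option value is not treated as a comment.
COMMENT_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*', re.S)

# Constructed sample: generate entry present, consume entry commented out.
SAMPLE = """
system.wss.generate.issuedToken {
    com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenGenerateLoginModule required;
};
// system.wss.consume.issuedToken {
//     com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenConsumeLoginModule required;
// };
"""

def parse_jaas(text):
    """Return {entry_name: [(module_class, control_flag), ...]} for active entries."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    text = COMMENT_RE.sub(keep_strings, text)
    return {name: [(cls, flag.lower()) for cls, flag in MODULE_RE.findall(body)]
            for name, body in ENTRY_RE.findall(text)}

def check_config(text):
    """Return a list of problems; an empty list means both entries are in place."""
    entries = parse_jaas(text)
    problems = []
    for name, cls in EXPECTED.items():
        modules = entries.get(name)
        if modules is None:
            problems.append(f"{name}: entry missing")
        elif (cls, "required") not in modules:
            problems.append(f"{name}: {cls} not configured as required")
    return problems

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. the wsjaas.conf and wsjaas_client.conf paths
        with open(path) as fh:
            for line in check_config(fh.read()) or ["both entries present"]:
                print(f"{path}: {line}")
```

An entry that is commented out, or whose module carries a control flag other than required, is reported as a problem rather than counted as present.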

What to do next

Make sure that you have completed the following tasks:

You must complete these three tasks to use the generic security token login module.





Last updated: Feb 5, 2014 9:49:51 PM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-mp&topic=twbs_setupsysconfiggenloginmod
File name: twbs_setupsysconfiggenloginmod.html