You can configure trusted identity (ID) evaluators. The trusted
ID evaluator determines whether or not to trust the identity-asserting authority.
About this task
This task provides the steps that are needed to configure trusted
identity (ID) evaluators. The trusted ID evaluator determines whether to trust
the identity-asserting authority. After the ID is trusted, the WebSphere® Application
Server issues the proper credentials based on the identity, which are used
in a downstream call to another server for invoking resources. The trusted
ID evaluator implements the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator
interface.
Complete
the following steps to configure the trusted ID evaluators on the server level:
Procedure
- Access the default bindings for the server level.
- Click Servers > Server Types > WebSphere application
servers > server_name.
- Under Security, click JAX-WS and JAX-RPC security
runtime.
Mixed-version environment: In a mixed node cell
with a server using Websphere Application Server version 6.1 or earlier, click
Web
services: Default bindings for Web services security.
mixv
- Under Additional properties, click Trusted ID evaluators.
- Click New to create a trusted ID evaluator configuration,
click Delete to delete an existing configuration, or click the name
of an existing configuration to edit the settings. If you are creating
a new configuration, enter a unique name for the trusted ID evaluator configuration
in the Trusted ID evaluator name field. This field specifies the name that
is used by the application binding to refer to a trusted identity (ID) evaluator
that is defined in the default binding.
- Specify a class name in the Trusted ID evaluator class name field.
The default class name is com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl.
The specified trusted ID evaluator class name must implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator
class. When you use the default TrustedIDEvaluator class, you must specify
the name and value properties for the default trusted ID evaluator to create
the trusted ID list for evaluation.
- Under Additional properties, click Properties > New.
- Specify the trusted ID evaluator name as a property name.
You must specify the trusted ID evaluator name in the form, trustedId_n,
where _n is an integer from zero (0) to n.
- Specify the trusted ID as a property value.
property name="trustedId_0", value="CN=Bob,O=ACME,C=US"
property name="trustedId_1, value="user1"
If a distinguished
name (DN) is used, the space is removed for comparison.
- Click OK and then Save.
Results
You have
configured the trusted ID evaluators at the server level.