To use generic security token login module features, you
must update profiles with new Java™ Authentication
and Authorization Service (JAAS) login configuration settings.
Before you begin
Before you update existing application server profiles
to use the generic login modules feature, you must install WebSphere® Application Server
Version 7.0.0.11 on all nodes.
About this task
Complete the following steps to configure the product for
generic login modules.
Procedure
- Update the system JAAS login configurations.
Use the addSamlLoginConfigs.py script to add the wss.generate.issuedToken and wss.consume.issuedToken system JAAS login configurations, which are used by the generic security token login modules, to the cell scope security configuration document.
The script is located in the app_server_root/bin/ directory.
Run the following command to update the system JAAS login configurations:
wsadmin.sh -conntype NONE -lang jython -f app_server_root/bin/addSamlLoginConfigs.py
In the example, app_server_root is the location of your application server installation.
To verify that the JAAS login configurations for the generic login modules exist in your
configuration, complete the following steps in the administrative
console:
- Click .
- Expand Java Authentication and Authorization Service and
click System logins.
- Verify that the list of login configurations includes the wss.generate.issuedToken and wss.consume.issuedToken configurations.
- Add the wss.generate.issuedToken and wss.consume.issuedToken login configurations to
the wsjaas.conf and wsjaas_client.conf JAAS
configuration files. These files exist in the profile_root/properties directory.
Add the following entries to these JAAS configuration files:
system.wss.generate.issuedToken {
    com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenGenerateLoginModule required;
};
system.wss.consume.issuedToken {
    com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenConsumeLoginModule required;
};
Supported configurations: The generic security token login module and the Security Assertion Markup Language (SAML) functions use the same addSamlLoginConfigs.py command script. With the generic security token login module functionality, this command script is enhanced to support both functions.
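The following check is an added example, not part of the product documentation or IBM code: it parses the text of a JAAS configuration file and reports whether the two entries from the last step are present with the listed module class and the required flag. The function names and the constructed SAMPLE input are assumptions for illustration, and the parser is simplified (it assumes option values contain no braces or semicolons).

```python
import re
import sys

# Entry names and login module classes as listed in the procedure above.
PKG = "com.ibm.ws.wssecurity.wssapi.token.impl."
REQUIRED = {
    "system.wss.generate.issuedToken": PKG + "GenericIssuedTokenGenerateLoginModule",
    "system.wss.consume.issuedToken": PKG + "GenericIssuedTokenConsumeLoginModule",
}
# Constructed sample: a correct file body, used when no path is given.
SAMPLE = "".join("%s {\n    %s required;\n};\n" % kv for kv in REQUIRED.items())
# Simplification: assumes option values contain no braces or semicolons.
ENTRY_RE = re.compile(r"([\w.$-]+)\s*\{(.*?)\}\s*;", re.S)


def parse_jaas(text):
    """Return {entry name: [(module class, control flag), ...]}."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # block comments
    text = re.sub(r"^\s*//.*$", "", text, flags=re.M)   # whole-line comments
    entries = {}
    for name, body in ENTRY_RE.findall(text):
        tokens = [stmt.split() for stmt in body.split(";")]
        entries[name] = [(t[0], t[1].lower()) for t in tokens if len(t) >= 2]
    return entries


def check_jaas(text):
    """Return a list of problems; an empty list means both entries are correct."""
    entries = parse_jaas(text)
    problems = []
    for name, cls in REQUIRED.items():
        if name not in entries:
            problems.append("missing entry: " + name)
        elif (cls, "required") not in entries[name]:
            problems.append("%s: expected '%s required', found %s"
                            % (name, cls, entries[name]))
    return problems


if __name__ == "__main__":
    # Pass the paths of wsjaas.conf and wsjaas_client.conf as arguments.
    for path in sys.argv[1:] or [None]:
        text = open(path).read() if path else SAMPLE
        for problem in check_jaas(text) or ["OK"]:
            print("%s: %s" % (path or "<sample>", problem))
```

A stray space inside an entry name or class name, which is easy to introduce when copying the entries, is reported as a missing entry or a class mismatch.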
Results
The profiles are updated with new Java Authentication and Authorization Service
(JAAS) login configuration settings.
What to do next
Make sure that you have completed the following tasks:
- Configure a generic security token login module for the token
generator.
- Configure a generic security token login module for the token
consumer.
You must complete these three tasks to use the generic security
token login module.