You can specify the token consumer on the application level. The token consumer information is used on the consumer side to incorporate the security token.
Complete the following steps to configure the token consumer on the application level.
The token consumer class name for the request consumer and the response consumer must be similar to the token generator class name for the request generator and the response generator. For example, if your application requires a user name token consumer, you can specify the com.ibm.wsspi.wssecurity.token.UsernameTokenGenerator class name on the Token generator panel for application level and the com.ibm.wsspi.wssecurity.token.UsernameTokenConsumer class name in this field.
You can select one of the following options:
property name="trustedId_0", value="CN=Bob,O=ACME,C=US"
property name="trustedId_1", value="user1"
If the distinguished name (DN) is used, the space is removed for comparison. See the programming model information in the documentation for an explanation of how to implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface. For more information, see .
The trusted ID evaluator configuration is available only for the token consumer on the server-side application level.
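The trusted ID comparison described above, modelled as an added Java example; it is not IBM's code and does not implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface. The class name TrustedIdCheck, the exact case-sensitive string match, and the identities passed to evaluate are assumptions; only the trustedId_n property names, their two values, and the space removal come from the text.

```java
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Stand-alone model (hypothetical class); it does not implement the IBM interface.
public class TrustedIdCheck {
    private static final String PREFIX = "trustedId_";
    private final Set<String> trusted = new HashSet<>();

    // Keep every non-empty trustedId_n value, stored in normalized form.
    public TrustedIdCheck(Map<String, String> props) {
        for (Map.Entry<String, String> e : props.entrySet()) {
            String value = e.getValue();
            if (e.getKey().startsWith(PREFIX) && value != null && !value.trim().isEmpty()) {
                trusted.add(normalize(value));
            }
        }
    }

    // The page's rule: spaces are removed before comparison.
    static String normalize(String id) {
        return id.replace(" ", "");
    }

    // Fail closed: a null, empty or unlisted identity is not trusted.
    // Assumption: the match is an exact, case-sensitive string comparison.
    public boolean evaluate(String id) {
        if (id == null || id.trim().isEmpty()) {
            return false;
        }
        return trusted.contains(normalize(id));
    }

    public static void main(String[] args) {
        Map<String, String> props = new LinkedHashMap<>();
        props.put("trustedId_0", "CN=Bob,O=ACME,C=US"); // values from the page
        props.put("trustedId_1", "user1");
        TrustedIdCheck check = new TrustedIdCheck(props);

        // Constructed identities to evaluate against the configured list.
        String[] samples = {"CN=Bob, O=ACME, C=US", "user1", "O=ACME,CN=Bob,C=US",
                            "cn=bob,o=acme,c=us", "user2", ""};
        for (String id : samples) {
            System.out.println("\"" + id + "\" trusted=" + check.evaluate(id));
        }
    }
}
```

In this model only the spacing of a DN is forgiven; a different attribute order or letter case is treated as a different identity, so the configured value should be checked against the identity string as the token presents it.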
URI | Local name | Description |
---|---|---|
A namespace URI is not applicable. | Specify http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 as the local name value. | Specifies the name of an X.509 certificate token |
A namespace URI is not applicable. | Specify http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1 as the local name value. | Specifies the name of the X.509 certificates in a PKI path |
A namespace URI is not applicable. | Specify http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#PKCS7 as the local name value. | Specifies a list of X.509 certificates and certificate revocation lists (CRL) in a PKCS#7 |
Specify http://www.ibm.com/websphere/appserver/tokentype/5.0.2 as the URI value. | Specify LTPA as the local name value. | Specifies a binary security token that contains an embedded Lightweight Third Party Authentication (LTPA) token. |
If you want to specify another token, you must specify both the local name and the URI. For example, if you have an implementation of your own custom token, you can specify CustomToken in the Local name field and http://www.ibm.com/custom
To access the panel, click Security > Global security. Under Authentication, click RMI/IIOP security > CSIv2 Outbound authentication. To set the com.ibm.CSIOutboundPropagationEnabled property, select Security attribute propagation. To modify this JAAS login configuration, see the JAAS - System logins panel.