You can use the administrative console to configure outbound messages
for CSIv2.
Procedure
In the administrative console, click Security > Global security.
Under Authentication, expand RMI/HOP security.
Click CSIv2 outbound communication.
Optional: Click Propagate security attributes or Use
identity assertion. The Propagate security attributes option
enables support for security attribute propagation during login requests.
When you select this option, the application server retains additional information
about the login request, such as the authentication strength used, and retains
the identity and location of the request originator.
The Use identity
assertion option specifies that identity assertion is a way to assert
identities from one server to another during a downstream Enterprise JavaBeans™ (EJB)
invocation.
The Use server trusted identity option specifies
the server identity that the application server uses to establish trust with
the target server.
The Specify an alternative trusted identity option
enables you to specify an alternative user as the trusted identity that is
sent to the target servers instead of sending the server identity. If you
select this option you must provide the name of the trusted identity and the
password that is associated with the trusted identity.
Under CSIv2 Message layer authentication, select Supported, Never or Required.
Never
Specifies that this server cannot accept an authentication mechanism that
you select under Allow client to server authentication with:.
Supported
Specifies that clients communicating with this server can specify an authentication
mechanism that you select under Allow client to server authentication with:.
However, a method might be invoked without this type of authentication. For
example, an anonymous or client certificate might be used instead.
Required
Specifies that clients communicating with this server must specify an
authentication mechanism that you select under Allow client to server authentication
with:.
Under Allow client to server authentication with:, select Kerberos, LTPA and
or Basic authentication. You can optionally select:.
Kerberos
Select to enable authentication using the Kerberos token.
LTPA
Select to enable authentication using the Lightweight Third-Party Authentication
(LTPA) token.
Basic authentication
This type of authentication typically involves sending a user ID and a
password from the client to the server for authentication. This is also know
as Generic Security Services Username Password (GSSUP).
This authentication
also involves delegating a credential token from an already authenticated
credential, provided the credential type is forwardable; for example, LTPA.
If
you select supported under CSIv2 Message layer authentication,
and check KRB5 and LTPA under Allow client to
server authentication with:, then the server does not accept the user
name and password.
Optional: Select Custom outbound mapping.
This option enables the use of custom Remote Method Invocation (RMI)
outbound login modules.
Results
You have now configured messages for CSIv2 outbound.
Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.
This feature requires Internet access.
Most of the following links will take you to information that is not part of the formal product documentation and is provided "as is." Some of these links go to non-IBM Web sites and are provided for your convenience only and do not in any manner serve as an endorsement by IBM of those Web sites, the material thereon, or the owner thereof.
Last updated: Oct 21, 2010 7:37:48 AM CDT http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=tsec_kerb_csiv2_outbound File name: tsec_kerb_csiv2_outbound.html