Message layer authentication

Message layer authentication defines the credential information and sends that information across the network so that a receiving server can interpret it.

When you send authentication information across the network using a token, the transmission is considered message layer authentication because the data is sent with the message inside a service context.

A pure Java™ client uses Kerberos (KRB5) or basic authentication, or Generic Security Services Username Password (GSSUP), as the authentication mechanism to establish client identity.

The security token that is contained in a token-based credential is authentication mechanism-specific. The way that the token is interpreted is only known by the authentication mechanism. Therefore, each authentication mechanism has an object ID (OID) representing it. The OID and the client token are sent to the server, so that the server knows which mechanism to use when reading and validating the token. The following list contains the OIDs for each mechanism:

BasicAuth (GSSUP):  oid:2.23.130.1.1.1
SWAM:     No OID because it is not forwardable

Note: SWAM is deprecated in WebSphere® Application Server Version 7.0 and will be removed in a future release.

On the server, the authentication mechanisms can interpret the token and create a credential, or they can authenticate basic authentication data from the client, and create a credential. Either way, the created credential is the received credential that the authorization check uses to determine if the user has access to invoke the method. You can specify the authentication mechanism by using the following property on the client side: Basic authentication (BasicAuth) and KRB5 are currently the only valid values. You can configure the server through the administrative console.
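
The server-side step described above, reading the OID that accompanies the client token to decide which mechanism interprets it, is sketched here as an added example that is not IBM's code. It assumes the token uses the GSS-API initial context token framing of RFC 2743 section 3.1; `split_token`, `select_mechanism` and the `handlers` registry are hypothetical names, and the sample token is constructed.

```python
# Added example, not IBM code. Assumes RFC 2743 section 3.1 token framing:
#   0x60 | DER length | 0x06 | OID length | OID bytes | mechanism-specific token
GSSUP_OID = "2.23.130.1.1.1"  # BasicAuth (GSSUP), from the OID list on this page
# Constructed sample: GSSUP OID followed by a 5-byte placeholder inner token.
SAMPLE = bytes.fromhex("600d0606678102010101") + b"dummy"

def _read_len(buf, pos):
    """Read a DER length at buf[pos]; return (length, next position)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _decode_oid(body):
    """Decode DER OID content bytes into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def split_token(token):
    """Return (mechanism OID, mechanism-specific inner token)."""
    if len(token) < 2 or token[0] != 0x60:
        raise ValueError("not an initial context token")
    length, pos = _read_len(token, 1)
    if pos + length != len(token) or pos >= len(token) or token[pos] != 0x06:
        raise ValueError("bad outer length or missing mechanism OID")
    oid_len, pos = _read_len(token, pos + 1)
    if oid_len == 0 or pos + oid_len > len(token):
        raise ValueError("OID overruns token")
    return _decode_oid(token[pos:pos + oid_len]), token[pos + oid_len:]

def select_mechanism(token, handlers):
    """Dispatch to the handler registered for the token's OID; reject others."""
    oid, inner = split_token(token)
    if oid not in handlers:
        raise LookupError("no mechanism registered for OID " + oid)
    return handlers[oid](inner)
```

The inner bytes are handed to the handler untouched, and a token carrying an OID with no registered mechanism is rejected rather than passed to a default.
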
Note: When perform basic authentication is enabled, if the client is not similarly configured (and does not pass a credential such as a user ID and password).



Related tasks
Securing communications
Selecting an authentication mechanism

Last updated: Oct 22, 2010 12:21:29 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-zos&topic=rseccsiv2mes
File name: rsec_csiv2mes.html