Login bindings configuration settings

Use this page to specify the Java Authentication and Authorization Service (JAAS) login configuration settings that are used to validate security tokens within incoming messages.

Important: There is an important distinction between Version 5.x and Version 6 and later applications. The information in this article supports Version 5.x applications only that are used with WebSphere® Application Server Version 6.0.x and later. The information does not apply to Version 6.0.x and later applications. Version 5.x applications are based on Java 2 platform, Enterprise Edition (J2EE) 1.3.
The pluggable token uses the Java Authentication and Authorization Service (JAAS) CallBackHandler (javax.security.auth.callback.CallBackHandler) interface to generate the token that is inserted into the message. The following list describes the CallBack support implementations:
com.ibm.wsspi.wssecurity.auth.callback.BinaryTokenCallback
This implementation is used for generating binary tokens inserted as <wsse:BinarySecurityToken/@ValueType> in the message.
javax.security.auth.callback.NameCallback and javax.security.auth.callback.PasswordCallback
This implementation is used for generating user name tokens inserted as <wsse:UsernameToken> in the message.
com.ibm.wsspi.wssecurity.auth.callback.XMLTokenSenderCallback
This implementation is used to generate Extensible Markup Language (XML) tokens and is inserted as the <SAML: Assertion> element in the message.
com.ibm.wsspi.wssecurity.auth.callback.PropertyCallback
This implementation is used to obtain properties that are specified in the binding file.
To view this administrative console page, complete the following steps:
  1. Click Applications > Application Types > WebSphere enterprise applications > application_name.
  2. Under Modules, click Manage modules > URI_file_name. Under Web Services Security Properties, click Web Services: Client security bindings.
  3. Under Request Sender Bindings, click Edit.
  4. Under Additional properties, click Login binding.

If the encryption information is not available, select None.

If the encryption information is available, select Dedicated login binding and specify the configuration in the following fields:

Authentication method

Specifies the unique name for the authentication method.

You can uses any string to name the authentication method. However, the string must match the element in the server-level configuration. The following words are reserved by WebSphere Application Server:
BasicAuth
This method uses both a user name and a password.
IDAssertion
This method uses a user name, but it requires that additional trust is established by the receiving server using a trusted ID evaluator mechanism.
Signature
This method uses the distinguished name (DN) of the signer.
LTPA
This method validates the token.

Callback handler

Specifies the name of the callback handler. The callback handler must implement the javax.security.auth.callback.CallbackHandler interface.

Basic authentication user ID

Specifies the user name for basic authentication. With the basic authentication method, you can define a user name and a password in the binding file.

Basic authentication password

Specifies the password for basic authentication.

Token type URI

Specifies the namespace Uniform Resource Identifiers (URI), which denotes the type of security token that is accepted.

The value of this field if is impacted by the following conditions:

This information is inserted as <wsse:BinarySecurityToken>/ValueType for the <SAML: Assertion> XML token.

Token type local name

Specifies the local name of the security token type. For example, X509v3.

The value of this field if is impacted by the following conditions:

This information is inserted as <wsse:BinarySecurityToken>/ValueType for the <SAML: Assertion> XML token.




Related tasks
Securing web services for Version 5.x applications using XML encryption
Reference topic Reference topic    

Terms of Use | Feedback

Last updatedLast updated: Sep 19, 2011 4:16:02 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-base-dist&topic=uwbs_loginbnd
File name: uwbs_loginbnd.html