Use this page to specify the Java Authentication
and Authorization Service (JAAS) login configuration settings that
are used to validate security tokens within incoming messages.
Important: There is an important distinction between Version 5.x and Version 6 and later applications. The information in this article applies only to Version 5.x applications that are used with WebSphere® Application Server Version 6.0.x and later. The information does not apply to Version 6.0.x and later applications. Version 5.x applications are based on Java 2 platform, Enterprise Edition (J2EE) 1.3.
The pluggable token uses the Java Authentication and Authorization Service (JAAS) CallbackHandler (javax.security.auth.callback.CallbackHandler) interface to generate the token that is inserted into the message.
The following list describes the Callback support implementations:
- com.ibm.wsspi.wssecurity.auth.callback.BinaryTokenCallback
  This implementation is used to generate binary tokens, which are inserted as <wsse:BinarySecurityToken>/@ValueType in the message.
- javax.security.auth.callback.NameCallback and javax.security.auth.callback.PasswordCallback
  This implementation is used to generate user name tokens, which are inserted as <wsse:UsernameToken> in the message.
- com.ibm.wsspi.wssecurity.auth.callback.XMLTokenSenderCallback
  This implementation is used to generate Extensible Markup Language (XML) tokens, which are inserted as the <SAML:Assertion> element in the message.
- com.ibm.wsspi.wssecurity.auth.callback.PropertyCallback
  This implementation is used to obtain properties that are specified in the binding file.
To view this administrative console page, complete the following steps:
- Click .
- Under Modules, click .
- Under Web Services Security Properties, click Web Services: Client security bindings.
- Under Request Sender Bindings, click Edit.
- Under Additional properties, click Login binding.
If the encryption information is not available, select None.
If the encryption information is available, select Dedicated login binding and specify the configuration in the following fields:
Specifies the unique name for the authentication method.
You can use any string to name the authentication method. However, the string must match the element in the server-level configuration. The following words are reserved by WebSphere Application Server:
- BasicAuth
  This method uses both a user name and a password.
- IDAssertion
  This method uses a user name, but it requires that additional trust is established by the receiving server using a trusted ID evaluator mechanism.
- Signature
  This method uses the distinguished name (DN) of the signer.
- LTPA
  This method validates the token.
Specifies the namespace Uniform Resource Identifiers (URI), which denotes the type of security token that is accepted.
The value of this field is affected by the following conditions:
- If binary security tokens are accepted, the value denotes the ValueType attribute in the element. The ValueType element identifies the type of security token and its namespace.
- If Extensible Markup Language (XML) tokens are accepted, the value denotes the top-level element name of the XML token.
- The Token type URI field is ignored if the reserved words, which are listed in the description of the Authentication method field, are specified.
This information is inserted as <wsse:BinarySecurityToken>/ValueType for the <SAML:Assertion> XML token.
Specifies the local name of the security token type. For example, X509v3.
The value of this field is affected by the following conditions:
- If binary security tokens are accepted, the value denotes the ValueType attribute in the element. The ValueType element identifies the type of security token and its namespace.
- If Extensible Markup Language (XML) tokens are accepted, the value denotes the top-level element name of the XML token.
- The Token type URI field is ignored if the reserved words, which are listed in the description of the Authentication method field, are specified.
This information is inserted as <wsse:BinarySecurityToken>/ValueType for the <SAML:Assertion> XML token.