Web Services Security defines the types of security tokens. The deployment descriptor extension file defines the types of tokens that the message can accept.
A user name token consists of a user name and, optionally, password information. You can include a user name token directly in the <Security> header within the message. Binary tokens, such as X.509 certificates, Kerberos tickets, Lightweight Third Party Authentication (LTPA) tokens, or other non-XML formats, require a special encoding for inclusion. The Web Services Security specification describes how to encode binary security tokens such as X.509 certificates and Kerberos tickets, and it also describes how to include opaque encrypted keys. The specification also includes extensibility mechanisms that you can use to further describe the characteristics of the credentials that are included with a message.
WebSphere Application Server Version 5.0.2 supports user name tokens in two forms: a user name with a password, which is used for basic authentication, and a user name alone, which is used for identity assertion. The WebSphere Application Server Version 5.0.2 binary security token implementation supports both X.509 certificates and LTPA binary security tokens. You can extend the implementation to generate other types of tokens. However, Kerberos tickets are not supported in WebSphere Application Server Version 5.0.2. Each type of token is processed by a corresponding token generation and validation module. The binary token generation and validation modules are pluggable and are based on the Java Authentication and Authorization Service (JAAS) framework. For example, an arbitrary XML-based token format is supported using the JAAS pluggable framework. WebSphere Application Server Version 5.0.2 does not support an XML-based token that is used in the SecurityTokenReference.
<?xml version="1.0" encoding="UTF-8"?>
<com.ibm.etools.webservice.wsext:WsExtension xmi:version="2.0"
    xmlns:xmi="http://www.omg.org/XMI"
    xmlns:com.ibm.etools.webservice.wsext="http://www.ibm.com/websphere/appserver/schemas/5.0.2/wsext.xmi"
    xmi:id="WsExtension_1052760331306" routerModuleName="StockQuote.war">
  <wsDescExt xmi:id="WsDescExt_1052760331306" wsDescNameLink="StockQuoteFetcher">
    <pcBinding xmi:id="PcBinding_1052760331326" pcNameLink="urn:xmltoday-delayed-quotes" scope="Session">
      <serverServiceConfig xmi:id="ServerServiceConfig_1052760331326" actorURI="myActorURI">
        <securityRequestReceiverServiceConfig xmi:id="SecurityRequestReceiverServiceConfig_1052760331326">
          <loginConfig xmi:id="LoginConfig_1052760331326">
            <authMethods xmi:id="AuthMethod_1052760331326" text="BasicAuth"/>
            <authMethods xmi:id="AuthMethod_1052760331327" text="IDAssertion"/>
            <authMethods xmi:id="AuthMethod_1052760331336" text="Signature"/>
            <authMethods xmi:id="AuthMethod_1052760331337" text="LTPA"/>
          </loginConfig>
          <idAssertion xmi:id="IDAssertion_1052760331336" idType="Username" trustMode="Signature"/>

<?xml version="1.0" encoding="UTF-8"?>
<com.ibm.etools.webservice.wscext:WsClientExtension xmi:version="2.0"
    xmlns:xmi="http://www.omg.org/XMI"
    xmlns:com.ibm.etools.webservice.wscext="http://www.ibm.com/websphere/appserver/schemas/5.0.2/wscext.xmi"
    xmi:id="WsClientExtension_1052760331496">
  <ServiceRefs xmi:id="ServiceRef_1052760331506" serviceRefLink="service/StockQuoteService">
    <portQnameBindings xmi:id="PortQnameBinding_1052760331506" portQnameLocalNameLink="StockQuote">
      <clientServiceConfig xmi:id="ClientServiceConfig_1052760331506" actorURI="myActorURI">
        <securityRequestSenderServiceConfig xmi:id="SecurityRequestSenderServiceConfig_1052760331506" actor="myActorURI">
          <loginConfig xmi:id="LoginConfig_1052760331506" authMethod="BasicAuth"/>
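
As an added example (not IBM's code and not part of the original page), the following Python script reads the two deployment descriptor extensions shown above and checks that the authentication method the request sender is configured to use is one that the request receiver accepts. The embedded XML is constructed from the page's fragments, shortened and closed so that it parses; the function names and both audit checks are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the page's two fragments with xmi:id attributes dropped,
# namespace prefixes shortened, and closing tags added so that they parse.
SERVER_WSEXT = """\
<w:WsExtension xmlns:w="http://www.ibm.com/websphere/appserver/schemas/5.0.2/wsext.xmi">
 <wsDescExt wsDescNameLink="StockQuoteFetcher"><pcBinding pcNameLink="urn:xmltoday-delayed-quotes">
  <serverServiceConfig actorURI="myActorURI"><securityRequestReceiverServiceConfig>
   <loginConfig><authMethods text="BasicAuth"/><authMethods text="IDAssertion"/>
   <authMethods text="Signature"/><authMethods text="LTPA"/></loginConfig>
   <idAssertion idType="Username" trustMode="Signature"/>
  </securityRequestReceiverServiceConfig></serverServiceConfig>
 </pcBinding></wsDescExt>
</w:WsExtension>"""
CLIENT_WSCEXT = """\
<c:WsClientExtension xmlns:c="http://www.ibm.com/websphere/appserver/schemas/5.0.2/wscext.xmi">
 <ServiceRefs serviceRefLink="service/StockQuoteService"><portQnameBindings portQnameLocalNameLink="StockQuote">
  <clientServiceConfig actorURI="myActorURI"><securityRequestSenderServiceConfig actor="myActorURI">
   <loginConfig authMethod="BasicAuth"/>
  </securityRequestSenderServiceConfig></clientServiceConfig>
 </portQnameBindings></ServiceRefs>
</c:WsClientExtension>"""

def receiver_policy(wsext_xml):
    # Per port component: auth methods the request receiver accepts, plus the
    # trust mode declared for identity assertion (None when no idAssertion element).
    policy = {}
    for pc in ET.fromstring(wsext_xml).iter("pcBinding"):
        for recv in pc.iter("securityRequestReceiverServiceConfig"):
            ida = recv.find("idAssertion")
            policy[pc.get("pcNameLink")] = {
                "methods": [m.get("text") for m in recv.iter("authMethods")],
                "trustMode": None if ida is None else ida.get("trustMode")}
    return policy

def sender_methods(wscext_xml):
    # Per client port: the auth method the request sender is configured to use.
    return {p.get("portQnameLocalNameLink"): lc.get("authMethod")
            for p in ET.fromstring(wscext_xml).iter("portQnameBindings")
            for lc in p.iter("loginConfig")}

def audit(receiver, sent):
    # Both checks are this example's own assumptions, not documented product rules.
    findings = []
    if sent not in receiver["methods"]:
        findings.append(f"sender uses {sent}, receiver accepts only {receiver['methods']}")
    if "IDAssertion" in receiver["methods"] and receiver["trustMode"] is None:
        findings.append("IDAssertion accepted but no idAssertion trustMode is declared")
    return findings
```

Call `audit(receiver_policy(SERVER_WSEXT)["urn:xmltoday-delayed-quotes"], sender_methods(CLIENT_WSCEXT)["StockQuote"])` to compare the two sample descriptors; an empty list means no mismatch was found.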