Use this page to specify how to acquire the security token that is inserted in the Web Services Security header for JAX-RPC within the SOAP message. The token acquisition is a pluggable framework that leverages the Java Authentication and Authorization Service (JAAS) javax.security.auth.callback.CallbackHandler interface for acquiring the security token.
Specifies the name of the callback handler implementation class that is used to plug in a security token framework.
MyCallbackHandler(String username, char[] password, java.util.Map properties)
The callback handler implementation obtains the required security token and passes it to the token generator. The token generator inserts the security token in the Web Services Security header within the SOAP message. The token generator is also the plug-in point for the pluggable security token framework. Service providers can provide their own implementation, but the implementation must use the com.ibm.websphere.wssecurity.wssapi.token.SecurityToken interface. The Java Authentication and Authorization Service (JAAS) Login Module implementation is used to create the security token on the generator side and to validate (authenticate) the security token on the consumer side.
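The following is an added example, not IBM's code: a custom handler with the three-argument constructor shown above that implements javax.security.auth.callback.CallbackHandler. It assumes the token generator asks for credentials through the standard JAAS NameCallback and PasswordCallback; the clear() helper and the sample user name and password are hypothetical.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class MyCallbackHandler implements CallbackHandler {
    private final String username;
    private final char[] password; // private copy, never the caller's array
    private final Map<Object, Object> properties = new HashMap<>();

    public MyCallbackHandler(String username, char[] password, Map properties) {
        this.username = username;
        this.password = (password == null) ? new char[0] : password.clone();
        if (properties != null) this.properties.putAll(properties);
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(username);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password); // stores its own clone
            } else {
                // Fail closed: do not silently skip a request this handler cannot satisfy.
                throw new UnsupportedCallbackException(cb, "Unsupported callback type");
            }
        }
    }

    // Hypothetical helper: zero the cached password once the token has been generated.
    public void clear() { Arrays.fill(password, '\0'); }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-password".toCharArray(); // constructed sample value
        MyCallbackHandler handler = new MyCallbackHandler("alice", pw, null);
        Arrays.fill(pw, '\0'); // the handler kept its own copy, so the caller can wipe this one
        NameCallback name = new NameCallback("user: ");
        PasswordCallback secret = new PasswordCallback("password: ", false);
        handler.handle(new Callback[] { name, secret });
        System.out.println(name.getName() + " / " + secret.getPassword().length + " chars");
        secret.clearPassword();
        handler.clear();
    }
}
```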
Select this option if you have identity assertion defined in the IBM® extended deployment descriptor.
This option indicates that only the identity of the initial sender is required and inserted into the Web Services Security header within the SOAP message. For example, the application server sends only the user name of the original caller for a Username TokenGenerator. For an X.509 token generator, the application server sends the original signer certificate only.
Select this option if you have identity assertion defined in the IBM extended deployment descriptor and you want to use the Run As identity instead of the initial caller identity for identity assertion for a downstream call.
This option is valid only if you have Username TokenGenerator configured as a token generator.
Specifies the user name that is passed to the constructors of the callback handler implementation.
These implementations are described in detail under the Callback handler class name field description.
Specifies the password that is passed to the constructor of the callback handler.
Select None if no keystore is needed for this configuration.
Select Predefined keystore to choose a predefined keystore by its keystore configuration name.
Select User-defined keystore to use user-defined keystores.
The following information needs to be specified:
Specifies the name of the key store configuration defined in the keystore settings in secure communications.
Specifies the password that is used to access the keystore file.
Specifies the location of the keystore file.
Use ${USER_INSTALL_ROOT} in the path name because this variable expands to the product path on your machine. To change the path used by this variable, click USER_INSTALL_ROOT.
Specifies the type of keystore file format.