Use this task to configure a web service binding to perform
authentication using Lightweight Third-Party Authentication (LTPA)
tokens.
Before you begin
Before you begin this task, install the Service Component Architecture
(SCA) application.
About this task
Policy sets can be used to configure web service bindings
to perform authentication using LTPA tokens.
Procedure
- Configure the administrative and application security for
the server.
To secure the service so that it accepts only secure requests and
requires authentication, administrative and application security must
be enabled for the server.
See Securing JAX-WS web services using message-level security.
- Configure the service to require message layer authentication
by attaching the LTPA WSSecurity default policy set.
To attach the LTPA WSSecurity default policy set, perform the task,
mapping abstract intent to policy sets and policy management.
In addition to attaching the policy set, you must configure the
WS-Security policy to add a caller binding so that the received subject
is propagated to the thread. To update the default binding to support
the caller function, open the administrative console and navigate to .
Create a new Caller with the following values:
Name: Specify any name for this configuration
Caller identity local part: LTPAv2
Caller identity namespace URI: http://www.ibm.com/websphere/appserver/tokentype
For additional information on the LTPA WSSecurity default policy set,
review the topic WSSecurity default policy sets.
See also the article about configuring the WS-Security policy.
The following code is an example of configuring the service to support
LTPA authentication.
<service name="AccountService">
<binding.ws
qos:wsPolicySet="LTPA WSSecurity default" qos:wsServicePolicySetBinding="Provider sample"
... />
</service>
- Configure the client by attaching the LTPA WSSecurity default
policy set to a reference.
The code block in this task step shows how to attach the LTPA
WSSecurity default policy set to a reference. By default, attaching the
policy set to a reference propagates any existing LTPA tokens on the
thread with the request. You can also configure the policy set to
create a token for a specific user and send that token with all
requests. For detailed information, refer to the article WSSecurity
default policy sets.
<reference name="AccountService">
<binding.ws
qos:wsPolicySet="LTPA WSSecurity default"
... />
</reference>
Results
When you finish this task, you have configured web service
bindings to do LTPA authentication.
What to do next
You can proceed to configuring other application-specific
bindings.