Use this page to configure the caller settings. The caller specifies the token or message part that is used for authentication.
You can configure the caller settings for message parts when you are editing a default cell or server binding. You can also configure application specific bindings for tokens and message parts that are required by the policy set.
This administrative console panel applies only to Java API for XML Web Services (JAX-WS) applications.
Specifies the name of the caller to use for authentication. Enter a caller name in this required field. This arbitrary name identifies this caller setting.
Specifies the order of preference for the callers. The order determines which caller is used when multiple authentication tokens are received.
You can change the order of preference by moving a caller up or down in the list. Select the check box next to a caller name to select the caller, then click the Move up button to move the caller higher in the list, or click the Move down button to move the caller lower in the preference order.
Button | Resulting Action |
---|---|
Move up | Moves the order of the selected caller up in the caller list. |
Move down | Moves the order of the selected caller down in the caller list. |
Specifies the local name of the caller to use for authentication. Enter a caller identity local name in this required field.
When specifying an LTPA caller, use LTPA as the local name for a caller that uses an older binding, prior to IBM® WebSphere® Application Server, Version 7.0. Newer bindings for IBM WebSphere Application Server, Version 7.0 and later should use LTPAv2 as the local name. Specifying LTPAv2 allows both LTPA and LTPAv2 tokens to be consumed, unless the Enforce token version option is selected on the token consumer.
See the Caller identity namespace URI field description for a list of possible values.
Specifies the uniform resource identifier (URI) of the caller to use for authentication. Enter a caller URI in this field.
When specifying an LTPA caller, use http://www.ibm.com/websphere/appserver/tokentype/5.0.2 as the URI for a caller that uses an older binding, prior to IBM WebSphere Application Server, Version 7.0. Newer bindings for IBM WebSphere Application Server, Version 7.0 and later should use the http://www.ibm.com/websphere/appserver/tokentype URI.
Token type | Caller identity local part | Caller identity namespace URI |
---|---|---|
Username token 1.0 | http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken | |
Username token 1.1 | http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken | |
X509 certificate token | http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 | |
X509 certificates in a PKIPath | http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1 | |
A list of X509 certificates and CRLs in a PKCS#7 | http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#PKCS7 | |
LTPA token (prior to Version 7.0) | LTPA | http://www.ibm.com/websphere/appserver/tokentype/5.0.2 |
LTPA token (Version 7.0) | LTPAv2 | http://www.ibm.com/websphere/appserver/tokentype |
LTPA propagation token | LTPA_PROPAGATION | http://www.ibm.com/websphere/appserver/tokentype |
SAML 1.1 token | http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 | |
SAML 2.0 token | http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 | |
Kerberos token | http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ | |
When the trusted identity is based on a signing token, select the signing part reference that represents the message parts signed by that token.
If you select the Signing part reference option, you must specify a callback handler for the bindings to work properly.
Specifies whether identity assertion is used when authenticating.
Select this check box if you want to use identity assertion. When you select this check box, the Trusted identity local name and Trusted identity namespace URI fields are enabled.
Specifies the trusted identity local name when identity assertion is used.
If you select the Use identity assertion option and a trust token exists in the WS-Security policy, you must provide a value for the Trusted identity local name field for the bindings to work properly.
Specifies the trusted identity uniform resource identifier (URI).
Specifies the class name of the callback handler. Enter the class name of the callback handler in this field.
If you provide a value for the Trusted identity local name field and you do not set the token consumer for the trust token to Trust any certificate, then you must set the value in this Callback handler field to com.ibm.ws.wssecurity.impl.auth.callback.TrustedIdentityCallbackHandler.
property name="trustedId_0", value="CN=Bob,O=ACME,C=US"
property name="trustedId_1", value="user1"
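The pairing and dependency rules described above can be checked mechanically before a binding is deployed. The following is an added example, not IBM code: it lints a hypothetical in-memory model of caller settings against the rules stated on this page and resolves which caller applies by order of preference. The dictionary keys, the lint_caller and pick_caller functions, and the sample callers are assumptions constructed for illustration.

```python
# Added example: the dict keys below are a hypothetical in-memory model of a
# caller setting, not the WebSphere binding file format.
TRUST_CBH = "com.ibm.ws.wssecurity.impl.auth.callback.TrustedIdentityCallbackHandler"
LTPA_URI = {  # caller local name -> namespace URI, from the token type table
    "LTPA": "http://www.ibm.com/websphere/appserver/tokentype/5.0.2",
    "LTPAv2": "http://www.ibm.com/websphere/appserver/tokentype",
    "LTPA_PROPAGATION": "http://www.ibm.com/websphere/appserver/tokentype",
}
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"

def lint_caller(c):
    """Return a list of findings for one caller setting."""
    out = []
    for field in ("name", "local_name"):  # both are required fields
        if not c.get(field):
            out.append(f"{field} is required")
    want = LTPA_URI.get(c.get("local_name"))
    if want and c.get("uri") != want:
        out.append(f"{c['local_name']} caller must use URI {want}")
    if c.get("signing_part_reference") and not c.get("callback_handler"):
        out.append("signing part reference set without a callback handler")
    if (c.get("use_identity_assertion") and c.get("trust_token_in_policy")
            and not c.get("trusted_local_name")):
        out.append("identity assertion with a trust token needs a trusted identity local name")
    if (c.get("trusted_local_name") and not c.get("consumer_trusts_any_cert")
            and c.get("callback_handler") != TRUST_CBH):
        out.append(f"callback handler must be {TRUST_CBH}")
    return out

def pick_caller(callers, received):
    """Name of the first caller, in preference order, whose token was received."""
    for c in callers:  # list position models the order of preference
        if (c["local_name"], c.get("uri", "")) in received:
            return c["name"]
    return None

# Constructed sample callers, each with one deliberate mistake.
CALLERS = [
    {"name": "ltpa-caller", "local_name": "LTPAv2",
     "uri": "http://www.ibm.com/websphere/appserver/tokentype/5.0.2"},
    {"name": "asserted-user", "uri": "", "use_identity_assertion": True,
     "local_name": WSS + "username-token-profile-1.0#UsernameToken",
     "trust_token_in_policy": True, "callback_handler": "",
     "trusted_local_name": WSS + "x509-token-profile-1.0#X509v3"},
]

if __name__ == "__main__":
    for caller in CALLERS:
        print(caller["name"], lint_caller(caller))
```

The first sample pairs the LTPAv2 local name with the pre-7.0 URI, and the second sets a trusted identity local name without the TrustedIdentityCallbackHandler; each produces exactly one finding.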
Specifies the Java Authentication and Authorization Service (JAAS) application login. You can enter a JAAS login, select one from the menu, or click New to add a new one.
For information on updating the Kerberos system JAAS login module for JAX-WS applications, read the topic Updating the system JAAS login with the Kerberos login module.
Specifies the name of the custom property.
Custom properties are not initially displayed in this column. Select one of the following actions for custom properties:
Button | Resulting Action |
---|---|
New | Creates a new custom property entry. To add a custom property, enter the name and value. |
Edit | Specifies that you can edit the custom property value. At least one custom property must exist before this option is displayed. |
Delete | Removes the selected custom property. |
Specifies the value of the custom property that you want to use. Use the Value field to add, edit, or delete the value for a custom property.