JAAS configuration settings
Use this page to specify the name of the Java™ Authentication and Authorization Service (JAAS) configuration that is defined in the JAAS login panel.
Complete the following steps to
access this page on
the cell level:
- Click .
- Under JAX-RPC Default Consumer Bindings, click New to create a new token consumer. or click
- Under Additional properties, click JAAS configuration.
Complete the following
steps to access this page on the server
level:
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
混合版本環境: In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under JAX-RPC Default Consumer Bindings, click New to create a new token consumer. or click
- Under Additional properties, click JAAS configuration.
Complete
the following steps to access this page
on the application level:
- Click .
- Under Modules, click .
- Under Web Services Security Properties, you can access the JAAS
configuration settings for the following bindings:
- For the Response consumer (receiver) binding, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom. Under Required properties, click or click New to create a new token consumer. Under Additional properties, click JAAS configuration.
- For the Request consumer (receiver) binding, click Web services: Server security binding. Under Request consumer (receiver) binding, click Edit custom. Under Required properties, click or click New to create a new token consumer. Under Additional properties, click JAAS configuration.
Important: If you create a new token consumer, you must click Apply before you can proceed to the JAAS configuration.
JAAS configuration name
Specifies the name of the JAAS system or application login configuration.
Do not remove the predefined system or application login configurations. However, within these configurations, you can add module class names and specify the order in which the application server loads each module.
Preconfigured system login configurations
The
following predefined system login configurations are defined on the
system logins panel, which is accessible by completing the following
steps:
- Click .
- Expand Java Authentication and Authorization Service, click System logins.
- system.wssecurity.IDAssertionUsernameToken
- Enables a Version 6.x application to use identity assertion to map a user name to an application server credential principal.
- system.wssecurity.IDAssertion
- Enables an application to use identity assertion to map a user name to an application server credential principal.
- system.wssecurity.Signature
- Enables an application to map a distinguished name (DN) in a signed certificate to an application server credential principal.
- system.LTPA_WEB
- Processes login requests used by the web container such as servlets and JavaServer Pages (JSP) files.
- system.WEB_INBOUND
- Handles logins for web application requests, which include servlets and JavaServer Pages (JSP) files.
- system.RMI_INBOUND
- Handles logins for inbound Remote Method Invocation (RMI) requests.
- system.DEFAULT
- Handles the logins for inbound requests that are made by internal authentications and most of the other protocols ecept web applications and RMI requests.
- system.RMI_OUTBOUND
- Processes RMI requests that are sent outbound to another server
when either the com.ibm.CSI.rmiOutboundLoginEnabled or the com.ibm.CSIOutboundPropagationEnabled
properties are true. These properties are set in the Common
Secure Interoperability Version 2 (CSIv2) authentication panel.
To access the panel, click CSIv2 Outbound authentication. To set the com.ibm.CSI.rmiOutboundLoginEnabled property, select the Custom outbound mapping option. To set the com.ibm.CSIOutboundPropagationEnabled property, select the Security attribute propagation option.
. Epand RMI/IIOP security, click - system.wssecurity.509BST
- Verifies an .509 binary security token (BST) by checking the validity of the certificate and the certificate path.
- system.wssecurity.PKCS7
- Verifies an .509 certificate with a certificate revocation list in a Public Key Cryptography Standards #7 (PKCS7) object.
- system.wssecurity.PkiPath
- Verifies an .509 certificate with a public key infrastructure (PKI) path.
- system.wssecurity.UsernameToken
- Verifies basic authentication (user name and password).
Application login configurations
The following predefined application login configurations are defined on the Application logins panel, which is accessible by completing the following steps:- Click .
- Expand Java Authentication and Authorization Service, click Application logins.
- ClientContainer
- Specifies the login configuration that is used by the client container application. This application uses the CallbackHandler API that is defined in the deployment descriptor of the client container.
- WSLogin
- Specifies whether all applications can use the WSLogin configuration to perform authentication for the application server security run time.
- DefaultPrincipalMapping
- Specifies the login configuration that is used by Java 2 Connectors (J2C) to map users to principals that are defined in the J2C authentication data entries.