Advanced security features
IBM MobileFirst Platform Foundation supports additional features that can use LTPA in advanced scenarios, such as user certificate authentication and role-based authentication.
Role-based authentication
In IBM Worklight v6.1 and later, role-based authentication is supported. This feature allows the MobileFirst LTPA realm to be configured to restrict access to a specific Java Platform, Enterprise Edition (Java EE) role. The realm denies access to a user who is not authorized for the specified role. This feature is optional: if no required role is defined in the realm's configuration, all users get an LTPA token and are authorized if their credentials are correct.
See WASLTPAModule login module.
User certificate authentication
In IBM Worklight v6.1 and later, the User Certificate Authentication feature is supported. This form of authentication allows users to authenticate through an X.509 client certificate over SSL. The realm definition includes parameters to configure the authenticator, which includes the concept of a dependent realm. The dependent realm is a realm that is required to be authenticated before the user certificate can be generated. After the user logs in to the dependent realm, the user certificate authenticator uses the user identity to build the certificate signing request (CSR) and certificate.
See User certificate authentication.