CSIv2
The following CSIv2 (CSIv2) features are available in IBM WebSphere Application Server:
- Identity Assertion.
Supports a downstream server in accepting the client identity that is established on an upstream server, without having to authenticate again. The downstream server trusts the upstream server.
- Message Layer Authentication.
Authenticates credential information and sends that information across the network so that a receiving server can interpret it.
- SSL Client Certificate authentication.
An additional way to authenticate a client to a server using SSL client authentication.
- Security attribute propagation
Supports the use of the authorization token to propagate serialized Subject contents and PropagationToken contents with the request. We can propagate these objects using a pure client or a server login that adds custom objects to the Subject. Propagating security attributes prevents downstream logins from having to make UserRegistry calls to look up these attributes.
Propagating security attributes is also useful when the security attributes contain information that is only available at the time of authentication (meaning this information cannot be located using the UserRegistry on downstream servers).
See Also
Security attribute propagation
See Also
Secure Sockets Layer client certificate authentication
Message layer authentication
Identity assertion