Configure digest authentication for Oracle Internet Directory
You can configure digest authentication for Oracle Internet Directory, an implementation of the LDAP that uses the Oracle database as a repository for directory entries. To configure digest authentication for Oracle Internet Directory, you will need to:
- Install Oracle Internet Directory version 9.0.2.
- Set up and activate LTPA. For more information, see the Lightweight Third Party Authentication section.
- You also may want to refer to the section Configure a custom trust association interceptor for more TAI information.
Overview
Complete the following procedure to configure digest authentication for Oracle Internet Directory on WAS:
Procedure
- To set up digest authentication, verify that Lightweight Third Party Authentication (LTPA) is configured for use on your server by selecting Security > Secure administration, applications, and infrastructure > Authentication mechanisms. In the Configuration tab on the Authentication mechanisms and expiration page you should see the Password field already filled in.
- In the console, click Security > Secure administration, applications, and infrastructure .
- Under Authentication, expand Web security and click on Trust association.
- On the Configuration tab, under General properties, make sure the Enable trust association box is checked. Then click Apply.
- On the Interceptors page of the administration console look for com.ibm.ws.sip.security.digest.SIPDigestOID in the Interceptor class name list:
- If this class name in not present, click New to open the Configuration tab and enter com.ibm.ws.sip.security.digest.SIPDigestOID in the Interceptor class name field and click Apply. Then proceed to the following steps.
- If this interceptor class is present, you may set up custom properties for it. To do this, click com.ibm.ws.sip.security.digest.SIPDigestOID > Custom Properties:
- Click OK.
- Navigate through Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expirationto the Configuration tab.
- In the Key generation section, click Generate Keys. (No import or export of the key is necessary.)
- Under the Cross-cell single sign-on section fill in the Password fields.
- Fill in the Internal server ID field.
- Click OK.
- Click to Security > Secure administration, applications, and infrastructure.
- If the box Use Java 2 security to restrict application access to local resources is checked, click to deselect it.
- In the User account repository section of the page, select your LDAP registry from the Available realm definitions drop-down box.
- Click Set as current and then clickApply.
- Save all changes.
- Restart the server.
- Be sure you see the following message appear in the SystemOut.log after the server has restarted:
SECJ0121I: Trust Association Init class com.ibm.ws.sip.security.digest.SIPDigestOID loaded successfullyIf this message does not appear in the log, digest authentication has not been activated.
Related tasks
Configure a custom trust association interceptor
Browse all SIP topics
Configure security for the SIP container