JAAS settings

We can specify the name of the JAAS configuration in the JAAS login panel.

To access this page on the cell level:

Security | JAX-WS and JAX-RPC security runtime | JAX-RPC Default Consumer Bindings | Token consumers | [token_consumer_name | New] | Additional properties | JAAS configuration

To access this page on the server level:

Servers | Server Types | WebSphere application servers | server_name | Security | JAX-WS and JAX-RPC security runtime

In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click...

Web services: Default bindings for WS-Security | JAX-RPC Default Consumer Bindings | Token consumers | [token_consumer_name | New] | Additional properties | JAAS configuration

For WAS v6+, to access this page on the application level:

Applications | Application Types | WebSphere enterprise applications | application_name | Modules | Manage modules | URI_name | WS-Security Properties

We can access the JAAS configuration settings for the following bindings:

• For the Response consumer (receiver) binding, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom. Under Required properties, click Token consumers > token_consumer_name or click New to create a new token consumer. Under Additional properties, click JAAS configuration.

• For the Request consumer (receiver) binding, click Web services: Server security binding. Under Request consumer (receiver) binding, click Edit custom. Under Required properties, click Token consumers > token_consumer_name or click New to create a new token consumer. Under Additional properties, click JAAS configuration.

If we create a new token consumer, click Apply before we can proceed to the JAAS configuration.

JAAS configuration name

Name of the JAAS system or application login configuration.

Do not remove the predefined system or application login configurations. However, within these configurations, we can add module class names and specify the order in which the appserver loads each module.

 

Preconfigured system login configurations

The following predefined system login configurations are defined on the system logins panel, which is accessible by completing the following steps:

1. Click...
   Security | Global security

2. Expand Java Authentication and Authorization Service, click System logins.

system.wssecurity.IDAssertionUsernameToken

Enables a V6.x application to use identity assertion to map a user name to an appserver credential principal.

system.wssecurity.IDAssertion

Enables a V5.x application to use identity assertion to map a user name to an appserver credential principal.

system.wssecurity.Signature

Enables a V5.x application to map a distinguished name (DN) in a signed certificate to an appserver credential principal.

system.LTPA_WEB

Processes login requests used by the Web container such as servlets and JSPs.

system.WEB_INBOUND

Handles logins for Web app requests, which include servlets and JSPs. This login configuration is used by WAS V5.1.1.

system.RMI_INBOUND

Handles logins for inbound RMI requests. This login configuration is used by WAS V 5.1.1.

system.DEFAULT

Handles the logins for inbound requests that are made by internal authentications and most of the other protocols ecept Web apps and RMI requests. This login configuration is used by WAS V 5.1.1.

system.RMI_OUTBOUND

Processes RMI requests that are sent outbound to another server when either the com.ibm.CSI.rmiOutboundLoginEnabled or the com.ibm.CSIOutboundPropagationEnabled properties are true. These properties are set in the CSIv2 authentication panel.

To access the panel, click Security > Global security. Epand RMI/IIOP security, click CSIv2 Outbound authentication. To set the com.ibm.CSI.rmiOutboundLoginEnabled property, select the Custom outbound mapping option. To set the com.ibm.CSIOutboundPropagationEnabled property, select the Security attribute propagation option.

system.wssecurity.509BST

Verifies an .509 binary security token (BST) by checking the validity of the certificate and the certificate path.

system.wssecurity.PKCS7

Verifies an .509 certificate with a certificate revocation list in a Public Key Cryptography Standards #7 (PKCS7) object.

system.wssecurity.PkiPath

Verifies an .509 certificate with a public key infrastructure (PKI) path.

system.wssecurity.UsernameToken

Verifies basic authentication (user name and password).

 

Application login configurations

The following predefined application login configurations are defined on the Application logins panel, which is accessible by completing the following steps:

1. Click...
   Security | Global security

2. Expand Java Authentication and Authorization Service, click Application logins.

ClientContainer

Login configuration used by the client container application. This application uses the CallbackHandler API that is defined in the deployment descriptor of the client container.

WSLogin

Whether all applications can use the WSLogin configuration to perform authentication for the application server security run time.

DefaultPrincipalMapping

Login configuration used by Java 2 Connectors (J2C) to map users to principals defined in the J2C authentication data entries.

---

 

Related tasks

Set programmatic logins for Java Authentication and Authorization Service

 

Related

System login configuration entry settings for Java Authentication and Authorization Service
Configuration entry settings for Java Authentication and Authorization Service
Token consumer collection
Token consumer settings