Login bindings settings (WAS v5 apps)
To configure the encryption and decryption parameters.
There is an important distinction between V5.x and V6 and later applications. The information in this article supports Version 5.x applications only that are used with WAS V6.0.x and later. The information does not apply to V 6.0.x and later applications.
The pluggable token uses JAAS CallBackHandler interface...
javax.security.auth.callback.CallBackHandler..to generate the token that is inserted into the message.
CallBack support implementations...
- com.ibm.wsspi.wssecurity.auth.callback.BinaryTokenCallback
- Generate binary tokens inserted as <wsse:BinarySecurityToken/@ValueType> in the message.
- javax.security.auth.callback.NameCallback and javax.security.auth.callback.PasswordCallback
- Generate user name tokens inserted as <wsse:UsernameToken> in the message.
- com.ibm.wsspi.wssecurity.auth.callback.XMLTokenSenderCallback
- Generate XML tokens and insert as the <SAML: Assertion> element in the message.
- com.ibm.wsspi.wssecurity.auth.callback.PropertyCallback
- Obtain properties specified in the binding file.
Procedure
- Go to...
Applications | Application Types | WebSphere enterprise apps | application_name Modules | Manage modules | URI_file_name | WS-Security Properties | Web Services: Client security bindings | Request Sender Bindings | Edit | Additional properties | Login binding
If the encryption information is not available, select None.
If the encryption information is available, select Dedicated login binding and specify the configuration in the following fields:
- Authentication method
- Unique name for the authentication method.
Uses any string to name the authentication method. However, the string must match the element in the server-level configuration.
The following words are reserved by WAS:
- BasicAuth
- Use both a user name and a password.
- IDAssertion
- Use a user name and require that additional trust is established by the receiving server using a trusted ID evaluator mechanism.
- Signature
- Distinguished name (DN) of the signer.
- LTPA
- Validate the token.
- Callback handler
- Name of the callback handler. The callback handler must implement the javax.security.auth.callback.CallbackHandler interface.
- Basic authentication user ID
- User name for basic authentication. With the basic authentication method, we can define a user name and a password in the binding file.
- Basic authentication password
- for basic authentication.
- Token type URI
- Namespace URI, which denotes the type of security token that is accepted.
The value of this field if is impacted by the following conditions:
- If binary security tokens are accepted, the value denotes the ValueType attribute in the element. The ValueType element identifies the type of security token and its namespace.
- If XML tokens are accepted, the value denotes the top-level element name of the XML token.
- The Token type URI field is ignored if the reserved words, which are listed in the description of the Authentication method field, are specified.
This information is inserted as <wsse:BinarySecurityToken>/ValueType for the <SAML: Assertion> XML token.
- Token type local name
Local name of the security token type. For example, X509v3.
The value of this field if is impacted by the following conditions:
- If binary security tokens are accepted, the value denotes the ValueType attribute in the element. The ValueType element identifies the type of security token and its namespace.
- If XML tokens are accepted, the value denotes the top-level element name of the XML token.
- The Token type URI field is ignored if the reserved words, which are listed in the description of the Authentication method field, are specified.
This information is inserted as <wsse:BinarySecurityToken>/ValueType for the <SAML: Assertion> XML token.
Related tasks
Secure Web services for V5.x applications using XML encryption