+

Search Tips   |   Advanced Search

Login mappings collection


To view a list of configurations for validating security tokens within incoming messages. Login mappings map an authentication method to a Java™ Authentication and Authorization Service (JAAS) login configuration to validate the security token. Four authentication methods are predefined in the WAS: BasicAuth, Signature, IDAssertion, and Lightweight Third Party Authentication (LTPA).

There is an important distinction between V5.x and V6 and later applications. The information in this article supports Version 5.x applications only that are used with WAS V 6.0.x and later. The information does not apply to V6.0.x and later applications.

To view this admin console page for the cell level...

  1. Click Security > JAX-WS and JAX-RPC security runtime

  2. Under Additional properties, click Login mappings.

  3. Click New to create a new login mapping or click an existing configuration to modify its settings.

To view this admin console page for the server level...

  1. Click Servers > Server Types > WebSphere application servers > server_name.

  2. Under Security, click JAX-WS and JAX-RPC security runtime.

    In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click Web services: Default bindings for WS-Security

  3. Under Additional properties, click Login mappings.

  4. Click either New to create a new login mapping configuration or click the name of an existing configuration.

To view this admin console page for the application level...

  1. Click Applications > Application Types > WebSphere enterprise apps > application_name.

  2. Under Modules, click Manage modules > URI_name.

  3. Under WS-Security properties, click Web services: Server security bindings.

  4. Click Edit under Request receiver binding.

  5. Click Login mappings.

If we click Update runtime, the WS-Security run time is updated with the default binding information, which is contained in the ws-security.xml file that was previously saved. After specify the authentication method, the JAAS configuration name, and the Callback Handler Factory class name on this panel, complete the following steps:

  1. Click Save in the messages section at the top of the admin console.

  2. Click Update runtime. When you click Update runtime, the configuration changes made to the other Web services also are updated in the WS-Security run time.

If the login mapping configuration is not found on the application level, the Web services run time searches for the login mapping configuration on the server level. If the configuration is not found on the server level, the Web services run time searches the cell.

Authentication method

Authentication method used for validating the security tokens.

The following authentication methods are available:

BasicAuth

The basic authentication method includes both a user name and a password in the security token. The information in the token is authenticated by the receiving server and is used to create a credential.

Signature

The signature authentication method sends an X.509 certificate as a security token. For LDAP registries, the distinguished name (DN) is mapped to a credential, which is based on the LDAP certificate filter settings. For local OS registries, the first attribute of the certificate, usually the common name (CN) is mapped directly to a user name in the registry.

IDAssertion

The identity assertion method maps a trusted identity (ID) to a WAS credential. This authentication method only includes a user name in the security token. An additional token is included in the message for trust purposes. When the additional token is trusted, the IDAssertion token user name is mapped to a credential.

LTPA

Lightweight Third Party Authentication (LTPA) validates an LTPA token.

JAAS configuration name

Name of the JAAS configuration.

Callback handler factory class name

Name of the factory for the CallbackHandler class.




 

Related concepts


BasicAuth authentication method
Identity assertion authentication method
Signature authentication method
Lightweight Third Party Authentication
Login mappings

 

Related tasks


Secure Web services for V5.x applications using XML digital signature

 

Related


Login mapping settings