Login module settings for Java Authentication and Authorization Service


To define the login module for a Java™ Authentication and Authorization Service (JAAS) login configuration.

We can define the JAAS login modules for application and system logins. To define these login modules in the admin console, complete the

  1. Click...

      Security | Global security

  2. Under Authentication, click Java Authentication and Authorization Service > Application logins or System logins > alias_name.

  3. Under JAAS login modules, select a login module name to define.

Module class name

Class name of the given login module.

Data type: String

Use login module proxy

The Java Authentication and Authorization Service (JAAS) loads the login module proxy class. JAAS then delegates calls to the login module classes defined in the Module class name field.

Use this option when you use both V5.x and V 6 Application Servers in the same environment. If we migrate a V5.x Application Server to V 6, WAS V6 automatically enables this option. If we have V 6 only cells in the environment, we might choose to deselect this option.

Default: Enabled

Proxy class name

Name of the proxy login module class.

The default login modules defined by the appserver use the com.ibm.ws.security.common.auth.module.WSLoginModuleProxy proxy LoginModule class. This proxy class loads the appserver login module with the thread context class loader and delegates all the operations to the real login module implementation. The real login module implementation is specified as the delegate option in the option configuration. The proxy class is needed because the Developer Kit application class loaders do not have visibility of the appserver product class loaders.

Data type: String

Authentication strategy

Authentication behavior as authentication proceeds down the list of login modules.

A Java Authentication and Authorization Service (JAAS) authentication provider supplies the authentication strategy. In JAAS, an authentication strategy is implemented through the LoginModule interface.

Data type: String
Default: Required
Range: Required, Requisite, Sufficient and Optional

Required

The LoginModule module is required to succeed. Whether authentication succeeds or fails, the process still continues down the LoginModule list for each realm.

Requisite

The LoginModule module is required to succeed. If authentication is successful, the process continues down the LoginModule list in the realm entry. If authentication fails, control immediately returns to the application. Authentication does not proceed down the LoginModule list.

Sufficient

The LoginModule module is not required to succeed. If authentication succeeds, control immediately returns to the application. Authentication does not proceed down the LoginModule list. If authentication fails, the process continues down the list.

Optional

The LoginModule module is not required to succeed. Whether authentication succeeds or fails, the process still continues down the LoginModule list.

Specify additional options by clicking Custom Properties under Additional Properties. These name and value pairs are passed to the login modules during initialization. This process is one of the mechanisms used to passed information to login modules.

Module order

Order in which the Java Authentication and Authorization Service (JAAS) login modules are processed.

Click Set Order to change the processing order of the login modules.






 

Related tasks


Set programmatic logins for Java Authentication and Authorization Service

 

Related


Configuration entry settings for Java Authentication and Authorization Service
System login configuration entry settings for Java Authentication and Authorization Service