+

Search Tips   |   Advanced Search

Authentication protocol support

Use this page to reference information regarding supported authentication protocols.


Authentication protocol support

Beginning with WebSphere Application Server v8.5, the WAS v8.5 servers only support the CSIv2 (CSIv2) authentication protocol. Secure Authentication Service (SAS) is only supported between Version 6.0.x and previous version servers that have been federated in a v8.5 cell. The option to select between SAS, CSIv2, or both will only be made available in the administration console when a Version 6.0.x or previous release has been federated in a v8.5 cell.

In future releases, IBM will no longer ship or support the Secure Authentication Service (SAS) IIOP security protocol. IBM recommends that you use the Common Secure Interoperability version 2 (CSIv2) protocol.

We can configure both protocols to work simultaneously between Version 6.0.x and previous version servers that have been federated in a v8.5 cell. If a server supports both protocols, it exports an interoperable object reference (IOR) containing tagged components describing the configuration for SAS and CSIv2. If a client supports both protocols, it reads tagged components for both CSIv2 and SAS. If the client and server support both protocols, CSIv2 is used. However, if the server supports SAS (for example, the server is a previous WebSphere Application Server release) and the client supports both protocols, the client chooses SAS for this request.

Choose a protocol using the com.ibm.CSI.protocol property on the client side and configure this protocol through the console on the server side.


(zos) Authentication protocol support for z/OS

Beginning with WebSphere Application Server v8.5, the WAS v8.5 servers only support the CSIv2 (CSIv2) authentication protocol. Secure Authentication Service for z/OS (z/SAS) is only supported between Version 6 and previous version servers that have been federated in a v8.5 cell. The option to select between z/SAS, CSIv2, or both will only be made available in the administration console when a Version 6 or previous release has been federated in a v8.5 cell.

In future releases, IBM will no longer ship or support the Secure Authentication Service (z/SAS) IIOP security protocol. IBM recommends that you use the Common Secure Interoperability version 2 (CSIv2) protocol.

We can configure both protocols to work simultaneously between Version 6.0.x and previous version servers that have been federated in a v8.5 cell. If a server supports both protocols, it exports an interoperable object reference (IOR) containing tagged components describing the configuration for z/SAS and CSIv2. If a client supports both protocols, it reads tagged components for both CSIv2 and z/SAS. If the client and server support both protocols, CSIv2 is used. However, if the server supports z/SAS (for example, the server is a previous WebSphere Application Server release) and the client supports both protocols, the client chooses z/SAS for this request.

CSIv2 is considered enabled on the client with the existence of the com.ibm.CORBA.ConfigURL java property. If the property is not specified or the property does not exist, CSIv2 is not enabled.


Related tasks

  • Secure communications