Configure web service binding for LTPA authentication
Use this task to configure a web service binding to perform authentication using LTPA tokens.
Before beginning this task, install Service Component Architecture (SCA) application.
Policy sets can be used to configure web service bindings to perform authentication using LTPA tokens.
- Configure the administrative and application security for the server.
To secure the service so that it only accepts secure requests, and for the service to require authentication, administrative and application security must be enabled for the server. See Securing JAX-WS web services using message-level security.
- Configure the service to require message layer authentication by attaching the LTPA WSSecurity default policy set.
To attach the LTPA WSSecurity default policy set, perform the task, mapping abstract intent to policy sets and policy management.
In addition to attaching the policy set, configure the WS-Security policy to add a caller binding in order for the received subject to be propagated to the thread. To update the default binding to support the caller function, open the console and navigate to Services > Policy sets > General provider policy set bindings > Provider sample > WS-Security > Callers. Create a new Caller with the following values:
Name: Specify any name for this configuration
Caller identity local part: LTPAv2
Caller identity namespace URI: http://www.ibm.com/websphere/appserver/tokentypeFor additional information on LTPA WSSecurity default policy set review the topic, WSSecurity default policy sets. Read also the article about configuring the WS-Security policy.
The following code is an example of configuring the service to support LTPA authentication.
<service name="AccountService"> <binding.ws qos:wsPolicySet="LTPA WSSecurity default" qos:wsServicePolicySetBinding="Provider sample" ... /> </service>
- Configure the client by attaching the LTPA WSSecurity default policy set to a reference.
An example of how to attach the LTPA WSSecurity default policy set to a reference is shown in the code block in this task step. Attaching the LTPA WSSecurity default policy set to a reference by default propagates any existing LTPA tokens on the thread with the request. It is also possible to configure the policy set to create a token for a specific user and send that token with all requests. Refer to the article, WSSecurity default policy sets for detail information.
<reference name="AccountService"> <binding.ws qos:wsPolicySet="LTPA WSSecurity default" ... /> </reference>
Results
When you finish this task, we have configured web service bindings to do LTPA authentication.
What to do next
We can proceed to configuring other application specific bindings.
Related concepts
WSHTTPS default policy set Web Services Security default policy sets
Related tasks
Secure JAX-WS web services using message-level security Secure web services applications at the transport level Attaching a policy set to a service artifact Mapping SCA abstract intents and managing policy sets Create application specific bindings for policy set attachment Configure web services client bindings Configure the WS-Security policy Configure default Web Services Security bindings Configure the HTTP transport policy Configure the SCA web service binding