
Configure the server to support signature authentication


In signature authentication, the client sends an X.509 certificate to the server. The certificate is used to authenticate against the user registry configured at the server. After the server receives a request that contains the certificate, the server needs to log in to form a credential. The credential is used for authorization. We can configure signature authentication at the server.

There is an important distinction between v5.x and v6.0.x and later applications. The information in this article supports only v5.x applications that are used with WebSphere Application Server v6.0.x and later. The information does not apply to v6.0.x and later applications.

If the certificate supplied cannot be mapped to an entry in the user registry, an exception is provided and the request ends without invoking the resource.

  1. Launch an assembly tool. For more information, see the related information on Assembly Tools.
  2. Switch to the Java EE perspective by clicking Window > Open perspective > Other > J2EE.

  3. Click EJB Projects > application_name > ejbModule > META-INF.
  4. Right-click the webservices.xml file, and click Open with > Web services editor.

  5. Click the Extensions tab, located at the bottom of the Web Services Editor within the assembly tool.

  6. Expand the Request receiver service configuration details > Login configuration section. We can select from the following options: 

  7. Select Signature to authenticate the client using an X.509 certificate. The certificate sent from the client is the certificate that is issued for signing the message. You must be able to map this certificate to the configured user registry. For Local operating system (OS) registries, the common name (cn) of the distinguished name (DN) is mapped to a user ID in the registry. For LDAP, we can configure multiple mapping modes:

    • EXACT_DN is the default mode that directly maps the DN of the certificate to an entry in the LDAP server.
    • CERTIFICATE_FILTER is the mode that provides the LDAP advanced configuration with a place to specify a filter that maps specific attributes of the certificate to specific attributes of the LDAP server.
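
The mapping rules from step 7, sketched as an added example (this is not WebSphere code and not part of the original article): it resolves a certificate subject DN against a local OS user list, by EXACT_DN, and by a CERTIFICATE_FILTER style attribute match, and raises an exception when no entry can be selected. The function names, the filter expressed as a pair of attribute names, the rejection of ambiguous matches, and the sample directory are assumptions made for illustration.

```python
import re

class CertificateMappingError(Exception):
    """No unique registry entry for the certificate; the request is rejected."""

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; a backslash escapes a comma."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise CertificateMappingError(f"malformed DN component: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip().replace("\\,", ",")))
    return pairs

def cert_attr(dn, name):
    """First (most specific) value of one subject attribute, or None."""
    return next((v for a, v in parse_dn(dn) if a == name), None)

def fold(dn):
    """Case-insensitive form of a DN for LDAP comparisons (a simplification)."""
    return [(a, v.lower()) for a, v in parse_dn(dn)]

def unique(matches, subject_dn):
    """Fail closed on zero matches and on ambiguous matches."""
    if len(matches) != 1:
        raise CertificateMappingError(f"{len(matches)} entries for {subject_dn!r}")
    return matches[0]

def map_local_os(subject_dn, os_users):
    """Local OS registry: the cn of the subject DN is the user ID."""
    return unique([u for u in os_users if u == cert_attr(subject_dn, "cn")], subject_dn)

def map_exact_dn(subject_dn, ldap):
    """EXACT_DN: the whole subject DN must equal the DN of one LDAP entry."""
    return unique([dn for dn in ldap if fold(dn) == fold(subject_dn)], subject_dn)

def map_certificate_filter(subject_dn, cert_name, ldap_name, ldap):
    """CERTIFICATE_FILTER: one certificate attribute selects one LDAP attribute."""
    value = cert_attr(subject_dn, cert_name)
    hits = [dn for dn, attrs in ldap.items()
            if value is not None and attrs.get(ldap_name, "").lower() == value.lower()]
    return unique(hits, subject_dn)

# Constructed sample directory (not real data): entry DN -> entry attributes.
LDAP = {"uid=asmith,ou=people,o=example": {"uid": "asmith"},
        "uid=bjones,ou=people,o=example": {"uid": "bjones"}}
```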

For more information on getting started with the web services editor within the assembly tool, see Configure the server security bindings using an assembly tool.

After we specify how the server handles signature authentication information, specify how the server validates the authentication information. See the task for configuring the server to validate signature authentication.


Related concepts:

Signature authentication method
Development and assembly tools


Related


Configure the server to validate signature authentication information
Configure the server security bindings using an assembly tool

