WAS v8.5 > Secure applications > Secure the Liberty profile and its applications

Authenticate users in the Liberty profile

The Liberty profile server uses a user registry to authenticate a user and retrieve information about users and groups to perform security-related operations, including authentication and authorization. To learn about how authentication works in the Liberty profile, see Liberty profile: Authentication.

The authentication tasks that we can configure might vary depending on your requirements. Unless we have used the quickStartSecurity element that can configure only one user, we have to configure the user registry at the least. We do not have to configure the values for JAAS, authentication Cache and SSO tasks unless to change the default values. Configure TAI configuration only when we have an implementation of TAI interface to handle authentication.

See also

• Configure a user registry for the Liberty profile
  We can store user and group information for authentication in several types of registry. For example we can use a basic user registry, or an LDAP registry.
• Configuring the authentication cache on the Liberty profile
  This topic describes how to modify the way that authenticated users are cached on the Liberty profile.
• Configure a JAAS custom login module for the Liberty profile
  We can configure a custom Java™ Authentication and Authorization Service (JAAS) login module before or after the Liberty profile server login module.
• Configuring LTPA on the Liberty profile
  This topic describes how we can configure a Liberty profile server to use a specific Lightweight Third Party Authentication (LTPA) keys file, user-defined password, and expiration time.
• Customizing SSO configuration using LTPA cookies for the Liberty profile
  With single sign-on (SSO) configuration support, web users can authenticate once when accessing Liberty profile resources such as HTML, JavaServer Pages (JSP) files, and servlets, or accessing resources in multiple Liberty profile servers that share the same Lightweight Third Party Authentication (LTPA) keys.
• Configuring RunAs authentication in the Liberty profile
  We can delegate to another identity during authentication by configuring RunAs specification for the Liberty profile.
• Configuring TAI for the Liberty profile
  We can configure the Liberty profile to integrate with a third-party security service using Trust Association Interceptors (TAI). The TAI can be called before or after single sign-on (SSO).

Related concepts:

Liberty profile: Authentication

Related

Authorizing access to resources in the Liberty profile
Configure authorization for applications on the Liberty profile

|