Authentication mechanisms
After the systems are up and running, the next step in setting up security is to select an authentication mechanism to:
- Define rules about security information (for example, whether a credential is forwardable to another Java process)
- The format of how security information is stored in both credentials and tokens.
Authentication is the process of establishing whether a client is valid in a particular context. A client can be either an end user, a machine, or an application.
Authentication mechanisms typically collaborate with a registry containing user and groups accounts. The authentication mechanism is responsible for creating a credential which is an internal product representation of successfully authenticated client user. Not all credentials are created equal. The abilities of the credential are determined by the configured authentication mechanism.
Although WAS provides several authentication mechanisms, only a single active authentication mechanism can be configured at once. The active authentication mechanism is selected when configuring WAS administrative security. WAS supports the following authentication mechanisms:
- LTPA
- Kerberos
- Simple WebSphere Authentication Mechanism (SWAM)
SWAM was deprecated in WAS v9.0 and will be removed in a future release.
Related:
Select a registry or repository