+

Search Tips   |   Advanced Search

Authentication protocol support

Beginning with WebSphere Application Server v9.0, the WAS v9.0 servers only support the CSIv2 authentication protocol. Secure Authentication Service (SAS) is only supported between v6.0.x and previous version servers that have been federated in a v9.0 cell. The option to select between SAS, CSIv2, or both will only be made available in the administration console when a v6.0.x or previous release has been federated in a v9.0 cell.

In future releases, IBM will no longer ship or support the Secure Authentication Service (SAS) IIOP security protocol. IBM recommends that we use the Common Secure Interoperability version 2 ( CSIv2) protocol.

We can configure both protocols to work simultaneously between v6.0.x and previous version servers that have been federated in a v9.0 cell. If a server supports both protocols, it exports an interoperable object reference (IOR) containing tagged components describing the configuration for SAS and CSIv2. If a client supports both protocols, it reads tagged components for both CSIv2 and SAS. If the client and server support both protocols, CSIv2 is used. However, if the server supports SAS (for example, the server is a previous WAS release) and the client supports both protocols, the client chooses SAS for this request.

Choose a protocol using the com.ibm.CSI.protocol property on the client side and configure this protocol through the administrative console on the server side.


(ZOS) Authentication protocol support for z/OS

Beginning with WAS v9.0, the WAS v9.0 servers only support the CSIv2 authentication protocol. Secure Authentication Service for z/OS (z/SAS) is only supported between v6 and previous version servers that have been federated in a v9.0 cell. The option to select between z/SAS, CSIv2, or both will only be made available in the administration console when a v6 or previous release has been federated in a v9.0 cell.

In future releases, IBM will no longer ship or support the Secure Authentication Service (z/SAS) IIOP security protocol. IBM recommends that we use the Common Secure Interoperability version 2 ( CSIv2) protocol.

We can configure both protocols to work simultaneously between v6.0.x and previous version servers that have been federated in a v9.0 cell. If a server supports both protocols, it exports an interoperable object reference (IOR) containing tagged components describing the configuration for z/SAS and CSIv2. If a client supports both protocols, it reads tagged components for both CSIv2 and z/SAS. If the client and server support both protocols, CSIv2 is used. However, if the server supports z/SAS (for example, the server is a previous WAS release) and the client supports both protocols, the client chooses z/SAS for this request.

CSIv2 is considered enabled on the client with the existence of the com.ibm.CORBA.ConfigURL java property. If the property is not specified or the property does not exist, CSIv2 is not enabled.

  • Secure communications