Configuration entry settings for Java Authentication and Authorization Service
Specify a list of JAAS login configurations for the application code to use, including Java EE components such as enterprise beans, JSP files, servlets, resource adapters, and message-driven beans (MDBs).
To view this administrative console page:
- Click Security > Global security.
- Under Authentication, click JAAS > Application logins.
Read the JAAS specifications before you begin defining additional login modules for authenticating to the application server security run time. We can define additional login configurations for our applications. However, if the application server LoginModule com.ibm.ws.security.common.auth.module.WSLoginModuleImpl module is not used, or the LoginModule module does not produce a credential that is recognized by the application server, the application server security run time cannot use the authenticated subject from these login configurations for an authorization check for resource access.
Java client programs that use JAAS for authentication must be invoked with a JAAS configuration file specified.
The application server supplies the wsjaas_client.conf default JAAS configuration file under the app_server_root/properties directory. This configuration file is set in the app_server_root/bin/launchClient.bat file as:
set JAAS_LOGIN_CONFIG=-Djava.security.auth.login.config=%app_server_root%\properties\wsjaas_client.conf
(iSeries) The application server supplies the default JAAS configuration file in the profile_root/properties/wsjaas_client.conf file. This configuration file is set in the launchClient Qshell script.
ClientContainer
Login configuration used by the client container application, which uses the CallbackHandler API defined in the client container deployment descriptor.
The ClientContainer configuration is the default login configuration for the application server. Do not remove this default, as other applications that use it fail.
| Information | Value |
| --- | --- |
| Default | ClientContainer |
DefaultPrincipalMapping
Login configuration used by Java 2 Connectors to map users to principals defined in the J2C authentication data entries.
The ClientContainer configuration is the default login configuration for the application server. Do not remove this default, as other applications that use it fail.
| Information | Value |
| --- | --- |
| Default | ClientContainer |
WSLogin
Indicates whether all of the applications can use the WSLogin configuration to perform authentication for the application server security run time.
This login configuration does not honor the CallbackHandler handler defined in the client container deployment descriptor. To use this functionality, use the ClientContainer login configuration.
The WSLogin configuration is the default login configuration for the application server. Do not remove this default because other administrative applications that use it fail. This login configuration authenticates users for the application server security run time. Use the credentials from the authenticated subject that are returned from this login configuration as an authorization check for access to application server resources.
| Information | Value |
| --- | --- |
| Default | ClientContainer |
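The following added example (not IBM's code, and not part of the original page) audits the client-side JAAS configuration file that a JVM was started with through java.security.auth.login.config. For each login configuration name it reports whether the entry exists and whether it references the WSLoginModuleImpl module named above. The CustomLogin entry, the HypotheticalLoginModule class and the embedded sample file are constructed for illustration, and treating an option value as a reference to the module is an assumption. It uses only the standard javax.security.auth.login API and needs Java 11 or later.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasLoginConfigAudit {
    // Module class this page names as producing a credential the server recognizes.
    static final String WS_MODULE =
        "com.ibm.ws.security.common.auth.module.WSLoginModuleImpl";

    /** Returns "MISSING", "OK" or "NO_WS_MODULE" for one login configuration name. */
    static String audit(Configuration cfg, String name) {
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(name);
        if (entries == null || entries.length == 0) {
            return "MISSING"; // entry removed or never defined
        }
        for (AppConfigurationEntry e : entries) {
            // Assumption: a wrapper module may name the real module in an option value.
            if (WS_MODULE.equals(e.getLoginModuleName())
                    || e.getOptions().containsValue(WS_MODULE)) {
                return "OK";
            }
        }
        return "NO_WS_MODULE"; // subject will not be usable for authorization checks
    }

    public static void main(String[] args) throws Exception {
        if (System.getProperty("java.security.auth.login.config") == null) {
            // Constructed sample file, NOT the shipped wsjaas_client.conf.
            Path p = Files.createTempFile("jaas_sample", ".conf");
            Files.writeString(p, String.join("\n",
                "WSLogin {",
                "  " + WS_MODULE + " required;",
                "};",
                "CustomLogin {",
                "  com.example.HypotheticalLoginModule required;",
                "};"));
            System.setProperty("java.security.auth.login.config", p.toUri().toString());
        }
        Configuration cfg = Configuration.getConfiguration();
        for (String name : List.of("ClientContainer", "WSLogin", "CustomLogin")) {
            System.out.println(name + ": " + audit(cfg, name));
        }
    }
}
```

To audit a real client configuration instead of the constructed sample, start the class with -Djava.security.auth.login.config pointing at that file.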
Related:
- JAAS
- Configure programmatic logins for JAAS
- Directory conventions