View web services server deployment descriptor
View the server deployment descriptor settings.
This administrative console page applies only to JAX-RPC applications.
Before beginning this task, the web services application must be installed.
By completing this task, we can gather information that allows us to maintain or configure binding information. After the web services application is installed, we can view the web services deployment descriptors.
To view this administrative console page:
- Click Applications > Application Types > WebSphere enterprise applications > application_name.
- Under Modules, click Manage modules > URI_name.
- Under Web Services Properties, click View web services server deployment descriptor.
WebSphere Application Server, Network Deployment has three levels of bindings: application-level, server-level, and cell-level. The information in the following implementation descriptions indicate how to configure the application-level bindings. To configure server-level bindings, which are the defaults:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
To configure the cell-level bindings, click Security > security runtime.
- Request digital signature verification
- Request decryption
- Basic authentication
- Identity (ID) assertion authentication with the BasicAuth TrustMode
- Identity (ID) assertion authentication with the signature TrustMode
- Response signing
- Response encryption
Request digital signature verification
If the integrity constraints, which require a signature, are defined, verify that we configured the signing information in the binding files.
To configure signing parameters:
- Click Applications > Application Types > WebSphere enterprise applications > application_name.
- Under Modules, click Manage modules > URI_name.
- Under Web Services Properties, click Web services: Server security bindings.
- Under Request receiver binding, click Edit > Signing information.
To configure the trust anchor:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Trust anchors.
To configure the collection certificate store, complete the following steps:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Collection certificate store.
To configure the key locators:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Key locators.
Request decryption
If the confidentiality constraints (encryption) are specified, verify that the encryption information is defined.
To configure the encryption information parameters:
- Click Applications > Application Types > WebSphere enterprise applications > application_name.
- Under Modules, click Manage modules > URI_name.
- Under Web Services Security properties, click Web services: Server security bindings.
- Under Request receiver binding, click Edit > Encryption information.
To configure the key locators:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Key locators.
Basic authentication
If BasicAuth authentication is configured as the required security token, specify the callback handler in the binding file to collect the basic authentication data. The following list contains callback support implementations:
- com.ibm.wsspi.wssecurity.auth.callback.GuiPromptCallbackHandler
- The implementation prompts for BasicAuth information (user name and password) in an interface panel.
- com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
- This implementation reads the BasicAuth information from the binding file.
- com.ibm.wsspi.wssecurity.auth.callback.StdPromptCallbackHandler
- This implementation prompts for a user name and password using the standard in (stdin) prompt.
To configure the login mapping information, complete the following steps:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Login mappings.
Identity (ID) assertion authentication with the BasicAuth TrustMode
Configure a login binding in the bindings file with a com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler implementation. Specify a user name and password for basic authentication that a TrustedIDEvaluator on a downstream server trusts.
To configure the login mapping information:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Login mappings.
Identity (ID) assertion authentication with the signature TrustMode
Configure signing information in the bindings file with a signing key that points to a key locator. The key locator contains the X.509 certificate that is trusted by the downstream server.
To configure the login mapping information, complete the following steps:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Login mappings.
The JAAS uses WSLogin as the name of the login configuration. To configure JAAS:
- Click Security > Global security.
- Under Authentication, click Java Authentication and Authorization Service > Application logins.
The value of the <TrustedIDEvaluatorRef> tag in the binding must match the value of the <TrustedIDEvaluator> name.
To configure the trusted ID evaluators:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Trusted ID evaluators.
Response signing
If the integrity constraints (digital signature) are defined, verify that we have the signing information configured in the binding files.
To specify the signing information, complete the following steps:
- Click Applications > Application Types > WebSphere enterprise applications > application_name.
- Under Modules, click Manage modules > URI_name.
- Under Web Services Security properties, click Web services: Server security bindings.
- In the Request receiver binding column, click Edit > Signing information.
To configure the key locators:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Key locators.
Response encryption
If the confidentiality constraints (encryption) are specified, verify that the encryption information is defined.
To specify the encryption information:
- Click Applications > Application Types > WebSphere enterprise applications > application_name.
- Under Modules, click Manage modules > URI_name.
- Under Web Services Security properties, click Web services: Server security bindings.
- Under Request receiver binding, click Edit > Encryption information.
To configure the key locators:
- Click Servers > Server Types > WebSphere application servers > server.
- Under Security, click security runtime.
Mixed-version environment: In a mixed node cell with a server using WAS version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under Additional properties, click Key locators.
Migrate Web Services Security-enabled JAX-RPC applications from Java EE Version 1.3 to Version 1.4 View web services client deployment descriptor (JAX-RPC)