JAAS configuration settings

 

JAAS configuration settings

Use this page to specify the name of the Java Authentication and Authorization Service (JAAS) configuration that is defined in the JAAS login panel. Complete the following steps to access this page on the cell level:

  1. Click Security > Web services .

  2. Under Default consumer bindings, click Token consumers > token_consumer_name or click New to create a new token consumer.

  3. Under Additional properties, click JAAS configuration .
Complete the following steps to access this page on the server level:

  1. Click Servers > Application Servers > server_name.

  2. Under Security, click Web services: Default bindings for Web services
    security
    .

  3. Under Default consumer bindings, click Token consumers > token_consumer_name or click New to create a new token consumer.

  4. Under Additional properties, click JAAS configuration .
[Version 6 only]Complete the following steps to access this page on the application level:

  1. Click Applications > Enterprise applications > application_name.

  2. Under Related items, click EJB modules or Web modules > URI_name.

  3. Under Additional properties, you can access the JAAS configuration settings for the following bindings:

    • For the Response consumer (receiver) binding, click Web services: Client
      security bindings
      . Under Response consumer (receiver) binding, click Edit custom . Under Required properties, click Token consumers > token_consumer_name or click New to create a new token consumer. Under Additional properties, click JAAS configuration .

    • For the Request consumer (receiver) binding, click Web services: Server
      security binding
      . Under Request consumer (receiver) binding, click Edit custom . Under Required properties, click Token consumers > token_consumer_name or click New to create a new token consumer. Under Additional properties, click JAAS configuration .

JAAS configuration name

The name of the JAAS system or application login configuration.

Do not remove the predefined system or application login configurations. However, within these configurations, you can add module class names and specify the order in which WebSphere Application Server loads each module.

Preconfigured system login configurations

The following predefined system login configurations are defined on the system logins panel, which is accessible by completing the following steps:

  1. Click Security > Global security .

  2. Under Authentication, click JAAS configuration > System logins .

system.wssecurity.IDAssertionUsernameToken

Enables a Version 6 application to use identity assertion to map a user name to a WebSphere Application Server credential principal.

system.wssecurity.IDAssertion

Enables a Version 5.x application to use identity assertion to map a user name to a WebSphere Application Server credential principal.

system.wssecurity.Signature

Enables a Version 5.x application to map a distinguished name (DN) in a signed certificate to a WebSphere Application Server credential principal.

system.LTPA_WEB

Processes login requests used by the Web container such as servlets and
JavaServer Pages (JSP) files.

system.WEB_INBOUND

Handles logins for Web application requests, which include servlets and
JavaServer Pages (JSP) files. This login configuration is used by WebSphere Application Server Version 5.1.1.

system.RMI_INBOUND

Handles logins for inbound Remote Method Invocation (RMI) requests. This login configuration is used by WebSphere Application Server Version 5.1.1.

system.DEFAULT

Handles the logins for inbound requests that are made by internal authentications and most of the other protocols except Web applications and RMI requests. This login configuration is used by WebSphere Application Server Version 5.1.1.

system.RMI_OUTBOUND

Processes RMI requests that are sent outbound to another server when either the com.ibm.CSI.rmiOutboundLoginEnabled or the com.ibm.CSIOutboundPropagationEnabled properties are true. These properties are set in the Common Secure Interoperability Version 2 (CSIv2) authentication panel.

To access the panel, click Security > Authentication protocol > CSIv2 Outbound authentication . To set the com.ibm.CSI.rmiOutboundLoginEnabled property, select Custom outbound mapping . To set the com.ibm.CSIOutboundPropagationEnabled property, select Security attribute propagation .

system.wssecurity.X509BST

Verifies an X.509 binary security token (BST) by checking the validity of the certificate and the certificate path.

system.wssecurity.PKCS7

Verifies an X.509 certificate with a certificate revocation list in a Public Key Cryptography Standards #7 (PKCS7) object.

system.wssecurity.PkiPath

Verifies an X.509 certificate with a public key infrastructure (PKI) path.

system.wssecurity.UsernameToken

Verifies basic authentication (user name and password).

Application login configurationsThe following predefined application login configurations are defined on the Application logins panel, which is accessible by completing the following steps:

  1. Click Security > Global security .

  2. Under Authentication, click JAAS configuration > Application logins .

ClientContainer

The login configuration that is used by the client container application. This application uses the CallbackHandler API that is defined in the deployment descriptor of the client container.

WSLogin

Whether all applications can use the WSLogin configuration to perform authentication for the WebSphere Application Server security run time.

DefaultPrincipalMapping

The login configuration that is used by Java 2 Connectors (J2C) to map users to principals that are defined in the J2C authentication data entries.



Related tasks
Configuring application logins for Java Authentication and Authorization Service

Related reference
System login configuration entry settings for Java Authentication and Authorization Service
Configuration entry settings for Java Authentication and Authorization Service
Token consumer collection
Token consumer configuration settings



Searchable topic ID: uwbs_jaasconfig