This example presents a pure Java client, C, accessing a secure enterprise bean on S1. C authenticates to S1 using Secure Sockets Layer (SSL) client certificates. S1 maps the common name of the distinguished name (DN) in the certificate to a user in the local registry. The user in this case is bob. The enterprise bean code on S1 accesses another enterprise bean on S2. Because the RunAs mode is system, the invocation credential is set as server1 for any outbound requests.
Configuring C
C requires transport layer authentication (SSL client certificates):
All further configuration involves setting properties within this file.
In this case, SSL is supported but not required:
com.ibm.CSI.performTransportAssocSSLTLSSupported=true
com.ibm.CSI.performTransportAssocSSLTLSRequired=false
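A check for the Supported/Required pair shown above, as an added example that is not part of the original documentation or the product's own code. It parses client property text and classifies every prefix that has a Supported and a Required property, which goes beyond the two SSL properties on this page. The function names, the state names and the decision to flag Required=true with Supported=false as contradictory are assumptions of this example.

```python
import re

SSL_PREFIX = "com.ibm.CSI.performTransportAssocSSLTLS"  # prefix of the two properties on this page

# Constructed sample input: the two client properties quoted above.
SAMPLE_PROPS = """\
# constructed sample client properties
com.ibm.CSI.performTransportAssocSSLTLSSupported=true
com.ibm.CSI.performTransportAssocSSLTLSRequired = false
"""

def parse_properties(text):
    """Parse simple Java-style 'key=value' / 'key:value' lines (no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def feature_states(props):
    """Classify every <prefix>Supported / <prefix>Required pair found in props."""
    states = {}
    for key in props:
        m = re.fullmatch(r"(.+)(Supported|Required)", key)
        if not m:
            continue
        base = m.group(1)
        sup = props.get(base + "Supported", "").lower()
        req = props.get(base + "Required", "").lower()
        if {sup, req} - {"true", "false", ""}:
            states[base] = "invalid"         # e.g. two properties pasted onto one line
        elif "" in (sup, req):
            states[base] = "incomplete"      # only one half of the pair is set
        elif req == "true" and sup == "false":
            states[base] = "contradictory"   # flagged for review (this example's assumption)
        elif req == "true":
            states[base] = "required"
        else:
            states[base] = "supported" if sup == "true" else "never"
    return states

def ssl_state(text):
    """State of the SSL transport pair; 'supported' means SSL is allowed but not forced."""
    return feature_states(parse_properties(text)).get(SSL_PREFIX, "absent")

if __name__ == "__main__":
    print(ssl_state(SAMPLE_PROPS))
```

A result of supported matches this scenario; a result of invalid or incomplete usually means the pair was mistyped or merged onto one line.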
Configuring S1
In the administrative console, S1 is configured for incoming connections to support SSL with client certificate authentication. The S1 server is configured for outgoing requests to support message layer client authentication.
Configuring S2
In the administrative console, the S2 server is configured for incoming requests to support message layer authentication over SSL. Configuration for outgoing requests is not relevant for this scenario.
Related reference
Scenario 1: Basic authentication and identity assertion
Scenario 2: Basic authentication, identity assertion, and client certificates
Scenario 4: TCP/IP transport using a virtual private network
Scenario 5: Interoperability with WebSphere Application Server Version 4.x
Example: Common Secure Interoperability Version 2 scenarios