Configure the server to validate signature authentication information
Configure the server to validate signature authentication information
Important distinction between Version 5.x and Version 6 applications
Note: The information in this article supports version 5.x applications only that are used with WebSphere Application Server Version 6. The information does not apply to version 6 applications.
Use this task to configure signature authentication at the server. Signature authentication refers to an X.509 certificate sent by the client to the server. The certificate is used to authenticate to the user registry configured at the server.
Once a request is received by the server that contains the certificate, the server needs to log in to form a credential. The credential is used for authorization. If the certificate supplied cannot be mapped to an entry in the user registry, an exception is thrown and the request ends without invoking the resource. For more information on signature authentication, see Signature authentication method.
Complete the following steps to configure the server to validate signature authentication:
Launch an assembly tool. For more information on the assembly tools, see Assembly tools.
Open the J2EE perspective by clicking Window > Open perspective > Other > J2EE .
Click Edit to view the login mapping information or click Add to add new login mapping information. The login mapping dialog is displayed and you select (or enter) the following information:
Authentication method
The type of authentication. Select Signature to use signature authentication.
Configuration name
The Java Authentication and Authorization Service (JAAS) login configuration name. For the signature authentication method, enter system.wssecurity.Signature for the JAAS login configuration name. This specification logs in with the com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule JAAS login module.
Use token value type
Determines if you want to specify a custom token type. For the default authentication method selections, you can leave this field blank.
URI and local name
When you select Signature method, you cannot edit the token value type URI and local name values. Specifies custom authentication types.
For signature authentication, you can leave this field blank.
Callback handler factory class name
Creates a JAAS CallbackHandler implementation that understands the following callback handlers:
For any of the default authentication methods (BasicAuth, IDAssertion,
and Signature), use the callback handler factory default implementation.
Enter the following class name for any of the default authentication methods including signature:
This implementation creates the correct callback handler for the default implementations.
Callback handler factory property name and callback handler factory property value
Specifies callback handler properties for custom callback handler factory implementations. You do not need to specify any properties for the default callback handler factory implementation. For signature, you can leave this field blank.
Login mapping property name and login mapping property value
Specifies properties for a custom login mapping to use. For the default implementations including signature, you can leave this field blank.
![[Version 5 only]](../../v5app.gif)