Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

---

 

Security considerations for WSRP services

When you use WSRP with the portal, you can configure security and provide authentication by using different authentication mechanisms.

You can choose between using Web Services security or Secure Socket Layer (SSL):

• Authentication of the end user by using Web services security. For example, this can be by using Lightweight Third-Party Authentication (LTPA) token forwarding. In this case the Consumer portal passes requests from individual users on to the Producer portal under separate user IDs.

  With IBM^® WebSphere^® Portal Express you can use all security tokens that IBM WebSphere Application Server supports. For most tokens the Consumer and Producer portal need to share the same user registry, for example, LTPA. The example scenarios and configuration procedures in the following sections use LTPA token forwarding.

• Authentication of consumer portal by using Secure Socket Layer Client Certificate Authentication: In this case the Consumer portal channels all requests by its users under the same preset shared user ID and passes them on to the Producer portal. For this option the Consumer and Producer portal can have shared or separate user registries.

Notes:

1. For both Producer and Consumer portals:

   1. You can use both security configurations independently on the portal, providing security by both LTPA token authentication and SSL client certificate authentication. For more detailed information refer to the IBM WebSphere Portal V6.0 Security Overview at URL http://www-128.ibm.com/developerworks/websphere/library/techarticles/0611_buehler/0611_buehler.html.

   2. If you use the portal as both a Producer and a Consumer portal, the security configurations for both these roles are independent of each other.

2. For Producer portals:

   1. For a Producer portal, security for WSRP services is optional. You can configure it if required, but you do not have to provide security.

   2. When you configure WSRP security for a Producer portal by one of these options, you also need to configure Portal Access Control for that Producer portal and give the users of the Consumer portal access permissions.

   3. If you want to allow a Consumer portal that is configured for SSL client certificate authentication to be able to consume your WSRP services, you need to configure at least SSL for your Producer portal, but not necessarily client certificate authentication.

3. For Consumer portals:

   1. For a Consumer portal, you need to provide the same security setup for WSRP as the Producer portal from which you consume WSRP services.

   2. On the Consumer portal, the WSRP services that are consumed as remote portlets behave like local portlets. Therefore you can configure Portal Access Control for the WSRP services on the Consumer portal the same way as for local portlets.

 

Parent topic:

Planning for WSRP

 

Related concepts
How you work with WSRP in the portal Communication between the Producer and Consumer portals Preparing security for a WSRP Producer portal Securing WSRP by LTPA for a Producer portal Securing WSRP by SSL for a Producer portal Enabling Portal Access Control for a WSRP Producer portal Preparing security for a WSRP Consumer portal Securing WSRP by LTPA for a Consumer portal Securing WSRP by SSL for a Consumer portal Enabling Portal Access Control for a WSRP Consumer portal

---