WS-Trust authentication
Authentication details are passed to a server for verification using the WS-Trust protocol. This is a legacy mechanism supported by IBM Security Verify Access, and it is also known as oauth-auth.
When OAuth authentication is enabled, the WebSEAL session lifetime timeout, which is controlled by the timeout entry in the [session] stanza of the WebSEAL configuration file, is ignored. The session lifetime is instead set to the OAuth token expiry time.
- Enable and disable OAuth authentication
  The oauth-auth stanza entry, located in the [oauth] stanza of the WebSEAL configuration file, enables and disables the OAuth authentication method. By default, OAuth authentication is disabled.
- The user-identity-attribute stanza entry
  OAuth authentication must create a user credential. To do this, OAuth authentication must be provided with a user identity to use when creating this credential. The appliance's implementation of OAuth authentication provides the definition of the user identity through an attribute that is returned by the OAuth server.
- Allowing external users to perform OAuth authentication
  We can allow external users that do not exist in the ISAM registry to perform OAuth authentication.