
Configure security on the Consumer portal

We can configure security for the consumer. If we enable security, the consumer sends a security token as part of the WSRP request message to the WSRP producer. The security token represents the identity of the user who is logged in to the Consumer Portal. The producer uses the security token to process the WSRP requests under the user identity that is represented by the security token.

For a producer, security for WSRP services is optional. If a producer requires security, the consumer must be configured to use the same security mechanism as the producer. Otherwise, the Consumer cannot consume the portlets that the Producer provides.

Example: A Producer might configure message authentication with Web Service Security for the WSRP services, using a particular security token type according to the WS-Security standard. In this case, the consumer web services must also be configured for Web Service Security, and they must use the same security token type for message authentication.

We can configure security for the consumer using either of the following two authentication mechanisms:

HTTP-cookie-based single sign-on

The consumer forwards LTPA v2 HTTP cookies that it receives from the client to the Producer as part of the WSRP request messages. The producer receives the cookie and establishes the corresponding security context on the Producer side. This option requires configuration of the consumer to forward HTTP cookies. It has the following advantages:

  • It does not require configuration of the WSRP web services.

  • It makes it possible for the producer to accept and process both unauthenticated and authenticated requests.

  • The Producer processes unauthenticated requests that do not contain an LTPA V2 cookie without establishing an individual security context.

Web Services Security

We can configure the consumer to use Web Service Security according to the WS-Security standard. The consumer sends a header that complies with the WS-Security standard as part of the WSRP request messages. The header contains credentials that identify and authenticate the user. For example, we can configure the Consumer portal to include Lightweight Third-Party Authentication (LTPA) tokens or Username tokens in the WS-Security header. For this option, both the consumer and the producer must be configured for Web Services Security.

When we configure the consumer for Web Service Security, we can choose the security token type for the WSRP ports of a Producer definition. If we configure the security token type, the consumer portal creates a security token of the selected type when it sends a request to the respective WSRP port of the Producer.

Alternatively, we can manage the configuration of the WSRP service clients in IBM WebSphere Application Server by using policy sets. This type of management includes the security-related and the quality-of-service-related aspects of the service configuration. We configure the service clients and service references of the consumer by attaching an appropriate policy set to the service client. IBM WebSphere Portal provides a set of default policy sets and client policy set bindings. To configure them, use the WebSphere Application Server administration functions.

For both setup options, the producer and the WSRP Consumer must be configured for Single Sign-On (SSO). The requirements for SSO depend on the authentication method used. For example, if we use LTPA V2, the consumer and the producer must use the same user registry or use the same realm. In addition, the WSRP Producer and the consumer must exchange shared keys that they use to sign the security credentials.
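When a producer rejects the consumer's requests, a captured WSRP request shows which token type the consumer actually sent. The following Python check is an added example, not IBM code: it reads the WS-Security header of a SOAP message and compares the token type with the one the producer expects. The sample envelopes, the user name, the `example:LTPA` ValueType placeholder, and the assumption that the LTPA token travels as a `BinarySecurityToken` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def token_types(envelope_xml):
    """List the security token types in the WS-Security header of a SOAP message."""
    # For captures from untrusted sources, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(envelope_xml)
    found = []
    for security in root.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security"):
        for child in security:
            if child.tag == f"{{{WSSE}}}UsernameToken":
                found.append("UsernameToken")
            elif child.tag == f"{{{WSSE}}}BinarySecurityToken":
                # Binary tokens are told apart by their ValueType attribute.
                found.append("BinarySecurityToken:" + child.get("ValueType", "unknown"))
    return found

def check_request(envelope_xml, producer_expects):
    """Compare the token the consumer sent with the type the producer is configured for."""
    types = token_types(envelope_xml)
    if not types:
        return "no-token"  # the request carries no user identity
    return "match" if producer_expects in types else "mismatch"

def envelope(security_children=""):
    """Build a constructed WSRP getMarkup request around the given header content."""
    security = (f'<wsse:Security xmlns:wsse="{WSSE}">{security_children}</wsse:Security>'
                if security_children else "")
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP}">'
            f'<soapenv:Header>{security}</soapenv:Header><soapenv:Body>'
            '<getMarkup xmlns="urn:oasis:names:tc:wsrp:v1:types"/>'
            '</soapenv:Body></soapenv:Envelope>')

# Constructed samples. "example:LTPA" is a placeholder ValueType, not the product's real one.
USERNAME_REQ = envelope("<wsse:UsernameToken><wsse:Username>alice</wsse:Username>"
                        "</wsse:UsernameToken>")
LTPA_REQ = envelope('<wsse:BinarySecurityToken ValueType="example:LTPA">'
                    "Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>")
NO_TOKEN_REQ = envelope()

if __name__ == "__main__":
    expected = "UsernameToken"  # assumed producer configuration
    for name, req in [("username", USERNAME_REQ), ("ltpa", LTPA_REQ), ("none", NO_TOKEN_REQ)]:
        print(name, token_types(req), check_request(req, expected))
```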

