HTTP Basic Authentication Trust Association Interceptor in combination with external authentication servers
When we use the HTTP Basic Authentication Trust Association Interceptor (TAI) with external authentication servers, we can configure the TAI to work for a specific set of requests.
IBM WebSphere Application Server can have multiple TAIs registered for authentication handling. This way use the HTTP Basic Authentication TAI together with other TAIs, for example, the WebSEAL TAI. However, we cannot configure an invocation sequence for the TAIs installeded. We must ensure the TAIs handle disjoint sets of requests. The HTTP Basic Authentication TAI is configured this way by default. For an alternative HTTP Basic Authentication TAI, we can configure the TAI properties for URL pattern filtering by black and white lists. Conflicts can arise if the security server relies on Basic Authentication or if other non-standard configurations are wanted.
Normal configuration of an external authentication server protects the HTML-based entry points into the portal, for example, /wps/myportal. When the authentication server handles the initial request, shared tokens known to the authentication server are exchanged and used for subsequent requests through the authentication server. Similarly, when the request makes it to the Portal Java virtual machine, the TAIs handle the initial authentication trust request. Then, they generate an LtpaToken or LtpaToken2 shared token for subsequent requests, including REST or XML-based requests.