View Web services server deployment descriptor

Use this page to view your server deployment descriptor settings.

To view this administrative console page, complete the following steps...

  1. Click Applications > Enterprise Applications > appname.

  2. Under Related Items, click Web Modules > URI_file_name > View Web Services Server Deployment Descriptor.

WAS has two levels of bindings... application-level and server-level. WebSphere Application Server Network Deployment has three levels of bindings: application-level, server-level, and cell-level. The information in the following implementation descriptions indicate how to configure your application-level bindings. To configure the server-level bindings, which are the defaults, complete the following steps...

  1. Click Servers > Application Servers > server_name.

  2. Under Related Items, click Web Services: Default bindings for Web Services Security.

To configure the cell-level bindings, click Security > Web Services.

 

Request digital signature verification

If the integrity constraints (signature required) are defined, verify that you configured the signing information in the binding files.

To configure the signing parameters, complete the following steps...

  1. Click Applications > Enterprise Applications > appname.

  2. Under Related Items, click Web Modules > URI_file_name > Web Services: Server Security Bindings.

  3. In the Request Receiver Binding column, click Edit > Signing Information.

To configure the trust anchor, complete the following steps...

  1. Click Servers > Application Servers > server.

  2. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Trust Anchors.

To configure the collection certificate store, complete the following steps...

  1. Click Servers > Application Servers > server_name.

  2. Under Related Items, click Web Services: Default bindings for Web Services Security > Collection Certificate Store.

To configure the key locators, complete the following steps...

  1. Click Servers > Application Servers > server.

  2. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Key Locators.

 

Request decryption

If the confidentiality constraints (encryption) are specified, verify that the encryption information is defined.

To configure the encryption information parameters, complete the following steps...

  1. Click Enterprise Applications > appname.

  2. Under Related Items, click Web Module.

  3. Under Additional Properties, click Web Services: Server Security Bindings. Under Request Receiver Binding, click Edit > Encryption Information.

To configure the key locators, complete the following steps...

  1. Click Servers > Application Servers > server.

  2. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Key Locators.

 

BasicAuth authentication

If BasicAuth authentication is configured as the required security token, specify the CallbackHandler in the binding file to collect the basic authentication data. The following list contains CallBack support implementations...

com.ibm.wsspi.wssecurity.auth.callback.GuiPromptCallbackHandler The implementation prompts for BasicAuth information (user name and password) in an interface panel.

com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler This implementation reads the BasicAuth information from the binding file.

com.ibm.wsspi.wssecurity.auth.callback.StdPromptCallbackHandler This implementation prompts for a user name and password using the standard in (stdin) prompt.

To configure the login mapping information, complete the following steps...

  1. Click Server > Application Servers > server.

  2. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Login Mappings.

 

Identity (ID) Assertion authentication with the BasicAuth TrustMode

Configure a login binding in the bindings file with a com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler implementation. Specify a BasicAuth user ID and password that a TrustedIDEvaluator on a downstream server trusts.

To configure the login mapping information, complete the following steps...

  1. Click Server > Application Servers > server.

  2. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Login Mappings.

 

Identity (ID) Assertion authentication with the Signature TrustMode

Configure the signing information in the bindings file with a signing key pointing to a key locator. The key locator contains the X.509 certificate that is trusted by the downstream server.

To configure the login mapping information, complete the following steps...

  1. Click Server > Application Servers > server.

  2. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Login Mappings.

The JAAS uses WSLogin as the name of the login configuration. To configure JAAS, click Security > JAAS Configuration > Application Logins.

The value of the <TrustedIDEvaluatorRef> tag in the binding must match the value of the <TrustedIDEvaluator> name.

To configure the trusted ID evaluators, complete the following steps...

  1. Click Servers > Application Servers > server.

  2. Under Additional Services, click Web Services: Default bindings for Web Services Security > Trusted ID Evaluators.

 

Response signing

If the integrity constraints (digital signature) are defined, verify that you have the signing information configured in the binding files.

To specify the signing information, complete the following steps...

  1. Click Applications > Enterprise Applications > appname.

  2. Under Related Items, click Web Modules > URI_file_name > Web Services: Server Security Bindings .

  3. In the Request Receiver Binding column, click Edit > Signing Information.

To configure the key locators, complete the following steps...

  1. Click Servers > Application Servers > server.

  2. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Key Locators.

 

Response encryption

If the confidentiality constraints (encryption) are specified, verify that the encryption information is defined.

To specify the encryption information, complete the following steps...

  1. Click Enterprise Applications > appname.

  2. Under Related Items, click Web Module.

  3. Under Additional Properties, click Web Services: Server Security Bindings.

  4. Under Request Receiver Binding, click Edit > Encryption Information.

To configure the key locators, complete the following steps...

  1. Click Servers > Application Servers > server.

  2. Under Additional Properties, click Web Services: Default bindings for Web Services Security > Key Locators.

 

See Also

Configurations
Web services: default bindings for the Web services security collection
View Web services client deployment descriptor