Configure pluggable tokens using the administrative console

 


Overview

This document describes how to configure a pluggable token in the request sender files...

ibm-webservicesclient-ext.xmi
ibm-webservicesclient-bnd.xmi

...and in the request receiver files...

The pluggable token is required for the request sender and request receiver as they are a pair. The request sender and the request receiver must match for a request to be accepted by the receiver.

 


Configuration Steps

  1. Click...

    Console | Applications | Enterprise Applications | enterprise_application

  2. Under Related Items, click either...

    EJB Modules | URIModule

    ...or...

    Web Modules | URIModule

  3. Under Additional Properties, click...

    Web Services: Client Security Bindings

    ...to edit the response sender binding information, if Web services is acting as the client.

  4. Under Response Sender Binding, click Edit.

  5. Under Additional Properties, click Login Binding.

  6. Select Dedicated Login Binding to define a new login binding or select None to clear the login binding.

    1. Enter the authentication method in the Authentication Method field. This entry must match the authentication method defined in the extension deployment descriptor. The authentication method must be unique in the binding file.

    2. Enter an implementation of the JAAS javax.security.auth.callback.CallbackHandler interface in the Callback Handler field.

    3. (Optional) Enter the basic authentication user ID and password in the Basic Auth User ID and Basic Auth Password fields, respectively. The basic authentication information is passed to the constructor of the CallbackHandler implementation. The usage of the basic authentication information is determined by the CallbackHandler implementation.

    4. Enter the token value type URI and local name in the Token Type URI and Token Type Local Name fields.

      This information is optional for the BasicAuth, Signature and IDAssertion authentication methods, but required for any other authentication method. The token value type is inserted into the element...

      <wsse:BinarySecurityToken>@ValueType

      ...for binary security token and used as the namespace of the XML based token.

    5. Click Apply.

  7. Under Additional Properties, click Properties.

    Define the property with name and value pairs. These pairs are passed to the constructor of the CallbackHandler implementation as java.util.Map values.

  8. Click...

    Applications | Enterprise Applications | enterprise_application.

  9. Under Related Items, click either EJB Modules > URI or Web Modules > URI. The URI is the Web services-enabled module.

  10. Under Additional Properties, click...

    Web Services: Server Security Bindings

    ...to edit the request receiver binding information.

  11. Under Request Receiver Binding, click Edit.

  12. Under Additional Properties, click Login Mappings.

  13. Click New to create a new login mapping.

    You also can edit an existing login mapping by clicking the name. You can delete a login mapping by selecting the box next to the login mapping name and clicking Remove.

    1. Enter the authentication method in the Authentication Method field. This entry must match the authentication method defined in the extension deployment descriptor. The authentication method must be unique in the login mapping collection of the binding file.

    2. Select a JAAS login configuration name from the JAAS Configuration Name menu.

      Security | JAAS Configuration | Application Logins.

    3. Enter an implementation of...

      com.ibm.wsspi.wssecurity.auth.callback.CallbackHandlerFactory

      interface in the Callback Handler Factory Classname field. This field is mandatory.

    4. Enter the token value type URI and local name in the Token Type URI and Token Type Local Name fields. This information is optional for the BasicAuth, Signature and IDAssertion authentication methods, but required for any other authentication method. The token value type is inserted into the element...

      <wsse:BinarySecurityToken>@ValueType

      ...for binary security token and used as the namespace of the XML based token.

    5. Click Apply.

  14. Under Additional Properties, click Properties.

  15. Click New and enter the name and value pairs in the Property Name and Property Value fields. These name and value pairs are available to the JAAS login modules by JAAS Callback interface...

    com.ibm.wsspi.wssecurity.auth.callback.PropertyCallback

    These pairs are available when editing existing login mappings, but not when creating new login mappings.

  16. Return to the Additional Properties heading and click Callback Handler Factory Property. The Callback Handler Factory Property option is located on the same menu where you previously clicked Properties.

  17. Click New and enter the name and value pairs in the Property Name and Property Value fields. These name and value pairs are passed as java.util.Map values to the method...

    com.ibm.wsspi.wssecurity.auth.callback.CallbackHandlerFactory.init()

    The usage of these name and value pairs is determined by the CallbackHandlerFactory implementation.

  18. Click Save in the upper-left section of the administrative console.

The previous steps define how to configure the request sender to create security tokens in the SOAP message and the request receiver to validate the security tokens found in the incoming SOAP message. WAS supports pluggable security tokens.

You can use the authentication method defined in the login bindings and login mappings to generate security tokens in the request sender and validate security tokens in the request receiver.

Once you have configured pluggable tokens, configure both the client and the server to support pluggable tokens. See the following topics to configure the client and the server...

 

See Also

Pluggable token support
Authentication method overview
Binary security token
XML token
Username token element
Security token
Token type overview
Securing Web services using a pluggable token
Configure pluggable tokens using the Assembly Toolkit
Configure the client security bindings using the Assembly Toolkit
Configure the security bindings on a server acting as a client using the administrative console
Configure the server security bindings using the Assembly Toolkit
Configure the server security bindings using the administrative console
Developing Web services based on Web Services for J2EE
Configure JAAS login
Configuring the client for LTPA token authentication: specifying LTPA token authentication
Configuring the client for LTPA token authentication: Collecting the authentication method information
Configuring the server to handle LTPA token authentication information
Configuring the server to validate LTPA token authentication information