Custom security token propagation
Web services security can send security tokens in the security header of a SOAP message. These security tokens can be used to sign, verify, encrypt or decrypt message parts. They can also be sent as standalone security tokens and set as the caller on the request consumer. Custom security token propagation uses Web services security to propagate these custom security tokens.
Web services security supports the Username, X.509 and Lightweight Third-Party Authentication (LTPA) security token types. When you use security token propagation, the propagation token is sent in the wsse:BinarySecurityToken element in the security header of the SOAP message. Web services security uses the same propagation token format as the Security attribute propagation feature. Configuring this option is similar to the configuration for sending and receiving LTPA tokens. The same token generator and token consumer implementations are used:
- com.ibm.wsspi.wssecurity.token.LTPATokenGenerator
- com.ibm.wsspi.wssecurity.token.LTPATokenConsumer
However, the token type URI and local name for the token generator and token consumer are different. For custom token properties, use the following values:
- Token type URI: http://www.ibm.com/websphere/appserver/tokentype
- Token type local name: LTPA_PROPAGATION
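As an added example (not IBM's code), the following Python code inspects a SOAP message and reports which wsse:BinarySecurityToken elements carry the propagation token type listed above, which is useful when checking which message flows transport propagated security attributes. It assumes the token type appears in the ValueType attribute, either as a QName whose prefix is bound to the token type URI or as URI#localname; the function names and the sample message are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

# Token type values taken from the page.
PROPAGATION_URI = "http://www.ibm.com/websphere/appserver/tokentype"
PROPAGATION_LOCAL_NAME = "LTPA_PROPAGATION"

def resolve_value_type(value, scopes):
    """Turn a ValueType attribute into (namespace URI, local name)."""
    prefix, sep, local = value.partition(":")
    if sep:
        # QName form: use the innermost in-scope binding of the prefix.
        for bound_prefix, uri in reversed(scopes):
            if bound_prefix == prefix:
                return uri, local
    # Assumed alternative form: "<token type URI>#<local name>".
    uri, _, local = value.rpartition("#")
    return uri, local

def binary_token_types(soap_xml):
    """Return (URI, local name) for each BinarySecurityToken in the message."""
    scopes, found = [], []
    events = ("start-ns", "end-ns", "start")
    for event, data in ET.iterparse(io.BytesIO(soap_xml.encode("utf-8")), events):
        if event == "start-ns":
            scopes.append(data)   # (prefix, uri) declared on the next element
        elif event == "end-ns":
            scopes.pop()          # that declaration went out of scope
        # Match on local name so any wsse namespace version is accepted.
        elif data.tag.rsplit("}", 1)[-1] == "BinarySecurityToken":
            found.append(resolve_value_type(data.get("ValueType", ""), scopes))
    return found

def carries_propagation_token(soap_xml):
    """True if any token in the message has the propagation token type."""
    return (PROPAGATION_URI, PROPAGATION_LOCAL_NAME) in binary_token_types(soap_xml)

# Constructed sample message; token bodies are placeholder text, not real tokens.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <wsse:BinarySecurityToken xmlns:tok="http://www.ibm.com/websphere/appserver/tokentype"
     ValueType="tok:LTPA_PROPAGATION">PLACEHOLDER</wsse:BinarySecurityToken>
   <wsse:BinarySecurityToken xmlns:tok="urn:example:other-token-type"
     ValueType="tok:OTHER">PLACEHOLDER</wsse:BinarySecurityToken>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body/>
</soapenv:Envelope>"""
```

The two sample tokens reuse the same prefix with different bindings, so the result depends on resolving each ValueType against the namespace declarations in scope for that element rather than on the prefix text.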
By default, the custom token propagation uses the following JAAS login configuration entries:
- Inbound: WSS_INBOUND
- Outbound: WSS_OUTBOUND
You can use the com.ibm.ws.webservices.wssecurity.constants.jaasConfig custom property to specify a different JAAS login configuration for the generator. Set this property on the CallbackHandler configuration panel. To specify a different JAAS login configuration on the consumer side, use the JAAS configuration name field in the Token consumer panel.
Related concepts
Security attribute propagation
Web services security provides message integrity, confidentiality, and authentication
Related tasks
Configure tokens using JAX-RPC to protect message authenticity at the server or cell level
Configure token generators using JAX-RPC to protect message authenticity at the application level
Configure token consumers using JAX-RPC to protect message authenticity at the application level
Related reference
Token generator configuration settings
Token consumer configuration settings