+

Search Tips   |   Advanced Search

Set the server to validate signature authentication information


Signature authentication refers to an X.509 certificate sent by the client to the server. The certificate is used to authenticate to the user registry configured at the server. After a request is received by the server that contains the certificate, the server needs to log in to form a credential. The credential is used for authorization. We can validate signature authentication at the server.

There is an important distinction between Version 5.x and V6.0.x and later applications. The information in this article supports V5.x applications only that are used with WAS V6.0.x and later. The information does not apply to V 6.0.x and later applications.

If the certificate supplied cannot be mapped to an entry in the user registry, an exception is thrown and the request ends without invoking the resource.

Complete the following steps to configure the server to validate signature authentication:

 

  1. Launch an assembly tool.

    See the related information on Assembly Tools.

  2. Switch to the Java EE perspective by clicking Window > Open perspective > Other > J2EE.

  3. Click EJB Projects > application_name > ejbModule > META-INF.

  4. Right-click the webservices.xml file, and click Open with > Web services editor.

  5. Click the Binding Configurations tab, which is located at the bottom of the Web services editor within the assembly tool.

  6. Expand the Request receiver binding configuration details > Login mapping section.

  7. Click Edit to view the login mapping information or click Add to add new login mapping information. The login mapping dialog is displayed and you select (or enter) the following information:

    Authentication method

    Type of authentication. Select Signature to use signature authentication.

    Configuration name

    (JAAS) login configuration name.  For the signature authentication method, enter system.wssecurity.Signature for the JAAS login configuration name.  This spec logs in with the com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule JAAS login module.

    Use token value type

    Determines to specify a custom token type.  For the default authentication method selections, we can leave this field blank.

    URI and local name

    When you select Signature method, we cannot edit the token value type URI and local name values.  Specifies custom authentication types. For signature authentication, we can leave this field blank.

    Callback handler factory class name

    Creates a JAAS CallbackHandler implementation that understands the following callback handlers:

    • javax.security.auth.callback.NameCallback

    • javax.security.auth.callback.PasswordCallback

    • com.ibm.wsspi.wssecurity.auth.callback.BinaryTokenCallback

    • com.ibm.wsspi.wssecurity.auth.callback.XMLTokenReceiverCallback

    • com.ibm.wsspi.wssecurity.auth.callback.PropertyCallback

    For any of the default authentication methods (BasicAuth, IDAssertion, and Signature), use the callback handler factory default implementation. Enter the following class name for any of the default authentication methods including signature:

    com.ibm.wsspi.wssecurity.auth.callback.WSCallbackHandlerFactoryImpl
    

    This implementation creates the correct callback handler for the default implementations.

    Callback handler factory property name and callback handler factory property value

    Specifies callback handler properties for custom callback handler factory implementations. You do not need to specify any properties for the default callback handler factory implementation.  For signature, we can leave this field blank.

    Login mapping property name and login mapping property value

    Specifies properties for a custom login mapping to use.  For the default implementations including signature, we can leave this field blank.

 

Next steps

Specify how the server handles the signature authentication method. See Set the server to support signature authentication if we have not previously specified this information.

 

Related concepts


Signature authentication method
Assembly tools

 

Related tasks


Set the server to support signature authentication
Set the server security bindings using an assembly tool
Secure Web services for version 5.x applications using signature authentication