Enable JASPI authentication using the Map JASPI provider option during application deployment
An administrator or deployer can use the Map JASPI Provider option during application deployment to associate web applications and specific web modules with an existing Java Authentication SPI (JASPI) authentication provider as defined in the security configuration. This association can also be made when editing the options for a previously installed application.
Before performing this task, verify that a JASPI authentication provider is defined as part of the global or domain security configuration. Read about Configure a new JASPI authentication provider for more information.
By default, an application inherits the JASPI settings defined in the WebSphere Application Server global or domain security configuration, and web modules inherit the application setting. However, we can override these default values using the Map JASPI Provider option during application deployment. Use this option to associate a specific JASPI provider from the global or domain security configuration with the entire application or with specific web modules. We can also use this option to specify that JASPI authentication not be used for an application or specific web module.
To associate a web application or specific web modules with an existing JASPI provider:
Tasks
- From the administrative console, click Applications > New Application > New Enterprise Application. Complete the required steps until we see the step for Map JASPI Provider, or click the Map JASPI Provider step from the installation options. A list containing the application name and associated web modules is displayed. To update a JASPI provider association after an application has been deployed, click Applications > Application Types > WebSphere enterprise applications, and then select the application to be modified. Click JASPI Provider under the Detail properties.
- Select the application or specific web module for which the JASPI provider setting is to be modified.
- Click the Select JASPI Provider menu and select one of the following options:
- Do not use JASPI
- Select to disable JASPI authentication for the selected web module or for the application.
- Inherit JASPI provider
- Select to inherit the JASPI authentication settings from default values in the cell or domain security configuration, as appropriate.
When Inherit JASPI provider is selected for a web module, JASPI authentication settings for the selected module are the settings specified for the application.
When Inherit JASPI provider is selected for the application, JASPI authentication settings are the settings specified in the appropriate cell or domain security configuration.
- Provider name
- When a specific provider name is selected, that provider name is used to perform authentication of web requests for the selected application or web module.
- Complete the remaining steps to finish installing and deploying the application.
What to do next
Verify that the server has been restarted to ensure that the configuration changes to define the JASPI provider take effect. Read about Configure a new JASPI authentication provider for more information.
Implement a custom authentication provider using JASPI Configure a new JASPI authentication provider Modifying an existing JASPI authentication provider Deleting a JASPI authentication provider JaspiManagement JASPI authentication providers collection JASPI authentication provider details