[Version 5 only]WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Securing Web services for version 5.x applications using a pluggable token

Why and when to perform this task

Important distinction between Version 5.x and Version 6.0.x applications
Note: The information in this article supports version 5.x applications only that are used with WebSphere Application Server Version 6. The information does not apply to version 6.0.x applications.
WebSphere Application Server provides several different methods to secure your Web services; a pluggable token is one of these methods. You might secure your Web services using any of the following methods:
  • XML digital signature
  • XML encryption
  • Basicauth authentication
  • Identity assertion authentication
  • Signature authentication
  • Pluggable token
Complete the following steps to secure your Web services using a pluggable token:

Steps for this task

  1. Generate a security token using the Java Authentication and Authorization Service (JAAS) CallbackHandler interface. The Web services security run time uses the JAAS CallbackHandler interface as a plug-in to generate security tokens on the client side or when Web services is acting as a client.
  2. Configure your pluggable token. To use pluggable tokens to secure your Web services, you must configure both the client request sender and the server request receiver. You can configure your pluggable tokens using either the WebSphere Application Server administrative console or the WebSphere Application Server Toolkit. For more information, see the following topics:



Sub-topics
Configuring pluggable tokens using an assembly tool
Configuring pluggable tokens using the administrative console
Pluggable token support
Configuring the client for LTPA token authentication: specifying LTPA token authentication
Configuring the client for LTPA token authentication: collecting the authentication method information
Configuring the server to handle LTPA token authentication information
Configuring the server to validate LTPA token authentication information

Related concepts
Lightweight Third Party Authentication

Task topic    

Terms of Use | Feedback

Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/twbs_secplugtoken.html

© Copyright IBM Corporation 2003, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)