WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring Common Secure Interoperability Version 2 and Security Authentication Service authentication protocols

Why and when to perform this task

Steps for this task

  1. Determine how to configure security inbound and outbound at each point in your infrastructure.

    For example, you might have a Java client communicating with an Enterprise JavaBeans (EJB) application server, which in turn communicates to a downstream EJB application server.

    The Java client utilizes the sas.client.props file to configure outbound security. Pure clients need to configure outbound security only.

    The upstream EJB application server configures inbound security to handle the right type of authentication from the Java client. The upstream EJB application server utilizes the outbound security configuration when going to the downstream EJB application server.

    This type of authentication might be different than what you expect from the Java client into the upstream EJB application server. Security might be tighter between the pure client and the first EJB server, depending on your infrastructure. The downstream EJB server utilizes the inbound security configuration to accept requests from the upstream EJB server. These two servers require similar configuration options as well. If the downstream EJB application server communicates to other downstream servers, then the outbound security might require a special configuration.

  2. Specify the type of authentication.

    By default, authentication by a user ID and password is performed.

    Both Java client certificate authentication and identity assertion are disabled by default. If you want this type of authentication performed at every tier, use the CSIv2 authentication protocol configuration as is. However, if you have any special requirements where some servers authenticate differently from other servers, then consider how to configure CSIv2 to its best advantage.

  3. Configure clients and servers.

    Configuring a pure Java client is done through the sas.client.props file, where properties are modified.

    Configuring servers is always done from the administrative console or scripting, either from the security navigation for cell-level configurations or from the server security of the application server for server-level configurations. If you want some servers to authenticate differently from others, modify some of the server-level configurations. When you modify the server-level configurations, you are overriding the cell-level configurations.




Sub-topics
Common Secure Interoperability Version 2 and Security Authentication Service client configuration
Configuring Common Secure Interoperability Version 2 inbound authentication
Configuring Common Secure Interoperability Version 2 outbound authentication
Configuring inbound transports
Configuring outbound transports
Example: Common Secure Interoperability Version 2 scenarios

Related concepts
Common Secure Interoperability Version 2 features

Related reference
Server-level security settings

Task topic    

Terms of Use | Feedback

Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_csiv2confg.html

© Copyright IBM Corporation 2002, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)