[Version 5 only] WebSphere Application Server Network Deployment, Version 6.0.x. Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring the server to support signature authentication

Why and when to perform this task

Important distinction between Version 5.x and Version 6.0.x applications
Note: The information in this article supports only version 5.x applications that are used with WebSphere Application Server Version 6.0.x. It does not apply to version 6.0.x applications.

Use this task to configure signature authentication at the server. Signature authentication refers to an X.509 certificate sent by the client to the server. The certificate is used to authenticate to the user registry configured at the server. After the server receives a request that contains the certificate, it must log in to form a credential. The credential is used for authorization. If the supplied certificate cannot be mapped to an entry in the user registry, an exception is thrown and the request ends without invoking the resource. For more information on signature authentication, see Signature authentication method.

Steps for this task

  1. Launch an assembly tool. For more information on the assembly tools, see Assembly tools.
  2. Open the J2EE perspective by clicking Window > Open perspective > Other > J2EE.
  3. Click EJB Projects > application_name > ejbModule > META-INF.
  4. Right-click the webservices.xml file, and click Open with > Web services editor.
  5. Click the Extensions tab, which is located at the bottom of the Web Services Editor within the assembly tool.
  6. Expand the Request receiver service configuration details > Login configuration section. You can select from the following options: 
    • BasicAuth
    • Signature
    • ID assertion
    • Lightweight Third Party Authentication (LTPA)
  7. Select Signature to authenticate the client using an X.509 certificate. The certificate that is sent from the client is the certificate that was issued for signing the message. You must be able to map this certificate to the configured user registry. For Local operating system (OS) registries, the common name (cn) of the distinguished name (DN) is mapped to a user ID in the registry. For Lightweight Directory Access Protocol (LDAP), you can configure multiple mapping modes:
    • EXACT_DN is the default mode that directly maps the DN of the certificate to an entry in the LDAP server.
    • CERTIFICATE_FILTER is the mode that provides the LDAP advanced configuration with a place to specify a filter that maps specific attributes of the certificate to specific attributes of the LDAP server.
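
The mapping rules in step 7, modelled as an added example that is not IBM's code or WebSphere's implementation. The function names, the `attribute=${SubjectCN}` placeholder form of the filter template and the case-insensitive DN comparison are assumptions, the DNs are constructed samples, and the DN parser is simplified (no hex escapes or multi-valued RDNs).

```python
import re

def parse_dn(dn):
    """Split a string DN into (attr, value) pairs, keeping backslash-escaped commas."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2      # keep the escape pair together
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.strip().partition("=")
        pairs.append((attr.strip().lower(), re.sub(r"\\(.)", r"\1", value.strip())))
    return pairs

def map_local_os(cert_dn, os_users):
    """Local OS registry: the cn of the certificate DN must be an existing user ID."""
    cn = next((v for a, v in parse_dn(cert_dn) if a == "cn"), None)
    return cn if cn in os_users else None

def map_exact_dn(cert_dn, ldap_entry_dns):
    """EXACT_DN: the whole DN must match one entry (assumed case-insensitive)."""
    norm = lambda d: [(a, v.casefold()) for a, v in parse_dn(d)]
    return next((e for e in ldap_entry_dns if norm(e) == norm(cert_dn)), None)

def ldap_escape(value):
    """RFC 4515 escaping so certificate text cannot alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(template, cert_dn):
    """CERTIFICATE_FILTER: substitute escaped certificate attributes into the template."""
    attrs = {}
    for a, v in parse_dn(cert_dn):
        attrs.setdefault(a, v)                     # first (most specific) RDN wins
    def sub(m):
        key = m.group(1).lower()
        if key not in attrs:
            raise ValueError("certificate has no %s attribute" % key)
        return ldap_escape(attrs[key])
    return "(" + re.sub(r"\$\{Subject(\w+)\}", sub, template) + ")"

if __name__ == "__main__":
    dn = "CN=j*doe,OU=Payments,O=Example Corp,C=US"   # constructed sample
    print(map_local_os(dn, {"jdoe"}), build_filter("uid=${SubjectCN}", dn))
```

A certificate whose cn contains `*` or parentheses shows why the escaping step matters: without it the subject text would be interpreted as filter syntax and could match entries other than the intended one.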

What to do next

For more information on getting started with the Web services editor within the assembly tool, see Configuring the server security bindings using an assembly tool.

After you specify how the server handles signature authentication information, you must specify how the server validates the authentication information. See Configuring the server to validate signature authentication information for more information.




Related concepts
Signature authentication method

Related tasks
Configuring the server to validate signature authentication information
Configuring the server security bindings using an assembly tool


Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/twbs_confsvrsigauthmeth.html

© Copyright IBM Corporation 2003, 2005. All Rights Reserved.