Authentication generator or consumer token settings

Use this page to configure authentication tokens. Authentication tokens sign messages to provide integrity or encrypt messages to provide confidentiality.

You can add authentication token settings for message parts when you are editing a general binding which is considered as default. You can also configure application specific bindings for tokens and message parts that are required by the policy set.

To view this administrative console page complete the following:
  1. Click Services > Policy sets > Default policy sets bindings.
  2. Click the WS-Security policy in the Policies table.
  3. Click the Authentication and protection link in the Main message security policy bindings section.
  4. Click New token to create a new token generator or consumer or click an existing consumer or generator token link from the Authentication Tokens table.
To create or edit the token properties using this administrative console page, complete the following:
  1. Click Services > Policy sets > General client policy sets bindings or Services > Policy sets > General provider policy sets bindings.
  2. Click the WS-Security policy in the Policies table.
  3. Click theAuthentication and protection link in the Main message security policy bindings section.
  4. Click New token to create a new token generator or consumer or click an existing consumer or generator token link from the Authentication Tokens table.
To edit or configuring application specific bindings for tokens and message parts that are required by the policy set, complete the following:
  1. Click Applications > Application Types > WebSphere enterprise applications.
  2. Select an application that contains Web services. The application must contain a service provider or a service client.
  3. Click the Service provider policy sets and bindings link or the Service client policy sets and bindings in the Web Services Properties section.
  4. Select a binding. You must have previously attached a policy set and assigned an application specific binding.
  5. Click the WS-Security policy in the Policies table.
  6. Click the Authentication and protection link in the Main message security policy bindings section.
  7. Click a consumer or generator token link from the Protection Tokens table.

這個管理主控台畫面只適用於 Java™ API for XML Web Service (JAX-WS) Web 服務。

Name

Specifies the name of the token being configured. When using custom bindings, this field does not display.

Token type

Specifies the type of token being configured.

When you are using custom bindings, the token type is obtained from the policy file and it is read-only. When you are using default bindings, select a token type from the list. The following token types are available.

  • X509V3 Token v1.1
  • X509V3 Token v1.0
  • Username Token v1.1
  • Username Token v1.0
  • X509PKCS7 Token v1.1
  • X509PKCS7 Token v1.0
  • X509PkiPathV1 Token v1.1
  • X509PkiPathV1 Token v1.0
  • LTPA Propagation Token
  • X509V1 Token v1.1
  • LTPA Token
  • LTPA Token v2.0
  • Custom Token
新特性: The LTPA Token v2.0 token type is available only for bindings using the new namespace in IBM® WebSphere® Application Server, Version 7.0 or later. When you select LTPA Token v2.0 as the token type for the token consumer, both LTPA tokens and LTPA v2.0 tokens can be consumed. To restrict the token consumer to LTPA v2.0 tokens only, select the Enforce token version checkbox.

If you select LTPA Token as the token type for the token generator, Single Sign-on Interoperability Mode must be enabled. This is a setting in Global security under Web and SIP security. If the interoperability flag is not set to enabled (true), an exception is thrown when the application that is attached to these bindings is started. If you want to use the LTPA token without checking the state of the interoperability flag, you can set the custom property com.ibm.wsspi.wssecurity.tokenGenerator.ltpav1.pre.v7 on the token generator.

newfeat
Local name

Specifies the local name for the authentication token generator or consumer. The Local name field is populated based on the token type displayed. Use this field to edit custom token types only.

URI

Specifies the uniform resource identifier (URI) of the authentication token generator or consumer. The URI field is populated based on the token type displayed. Use this field to edit custom token types only.

Security token reference

Specifies the security token reference. The security token reference field displays only for authentication tokens in custom bindings. This field is not available for default bindings.

JAAS login

Specifies the Java Authentication and Authorization Service (JAAS) application login information. Click New to add a new JAAS application login or JAAS system login entry.

Custom properties – Name

Specifies the name used for the custom property.

Custom properties are not initially displayed in this column. Clicking one of the following buttons enables the actions described:

Button Resulting action
New Creates a new custom property entry. To add a custom property, enter the name and value.
Edit Enables the selected custom property to be edited. Clicking this button provides input fields and creates the listing of cell values to be edited. The Edit button is not available until at least one custom property has been added.
Delete Removes the selected custom property.
Custom properties – Value

Specifies the value of the custom property to be used. Use this the Value field to enter, edit, or delete the value for a custom property.

Callback Handler

Links to the Callback handler page where you can configure callback handlers. Callback handler settings determine how security tokens are acquired from messages headers.

If you are working with a Username token or LTPA token that is using default bindings, the user names and passwords might have been provided as examples. You need to update the values for these token types.




標示(線上)的鏈結表示需要存取網際網路。

Related tasks
Related reference
Callback handler settings
Protection token settings (generator or consumer)
Application policy sets collection
WS-Security authentication and protection


檔名: uwbs_wsspsbat.html