Request receiver binding collection

Use this page to specify the binding configuration to receive request messages for Web services security.

Important: There is an important distinction between Version 5.x and Version 6 and later applications. The information in this article supports Version 5.x applications only that are used with WebSphere® Application Server Version 6.0.x and later. The information does not apply to Version 6.0.x and later applications.
To view this administrative console page, complete the following steps:
  1. Click Applications > Application Types > WebSphere enterprise applicationsapplication_name.
  2. Under Modules, click Manage modules > URI_file_name.
  3. Under Web Services Security Properties, click Web services: Server security bindings.
  4. Under Request receiver binding, click Edit.
Signing information [只限第 5 版]

Specifies the configuration for the signing parameters. Signing information is used to sign and validate parts of a message including the body, the timestamp, and the user name token.

You also can use these parameters for X.509 certificate validation when the authentication method is IDAssertion and the ID Type is X509Certificate in the server-level configuration. In such cases, you must fill in the Certificate Path fields only.

Encryption information [只限第 5 版]

Specifies the configuration for the encrypting and decrypting parameters. This configuration is used to encrypt and decrypt parts of the message that include the body and the user name token.

Trust anchors [只限第 5 版]

Specifies a list of keystore objects that contain the trusted root certificates that are issued by a certificate authority (CA).

The certificate authority authenticates a user and issues a certificate. The CertPath API uses the certificate to validate the certificate chain of incoming, X.509-formatted security tokens or trusted, self-signed certificates.

Collection certificate store [只限第 5 版]

Specifies a list of the untrusted, intermediate certificate files.

The collection certificate store contains a chain of untrusted, intermediate certificates. The CertPath API attempts to validate these certificates, which are based on the trust anchor.

Key locators [只限第 5 版]

Specifies a list of key locator objects that retrieve the keys for digital signature and encryption from a keystore file or a repository. The key locator maps a name or a logical name to an alias or maps an authenticated identity to a key. This logical name is used to locate a key in a key locator implementation.

Trusted ID evaluators [只限第 5 版]

Specifies a list of trusted ID evaluators that determine whether to trust the identity-asserting authority or message sender.

The trusted ID evaluators are used to authenticate additional identities from one server to another server. For example, a client sends the identity of user A to server 1 for authentication. Server 1 calls downstream to server 2, asserts the identity of user A, and includes the user name and password of server 1. Server 2 attempts to establish trust with server 1 by authenticating its user name and password and checking the trust based on the TrustedIDEvaluator implementation. If the authentication process and the trust check are successful, server 2 trusts that server 1 authenticated user A and a credential is created for user A on server 2 to invoke the request.

Login mappings [只限第 5 版]

Specifies a list of configurations for validating tokens within incoming messages.

Login mappings map the authentication method to the Java™ Authentication and Authorization Service (JAAS) configuration.

To configure JAAS, complete the following steps:
  1. Click Security > Global security.
  2. Under the Java Authentication and Authorization Service, click Application logins or System logins.



標示(線上)的鏈結表示需要存取網際網路。

Related concepts
Related tasks


檔名: uwbs_reqrecvr.html