Enable gateway-level authentication

 

Overview

A number of default gateway-level authentication settings are included in the gateway. There is a default role of AuthenticatedUsers which includes the special group AllAuthenticatedUsers. When security is enabled, supply a user ID and password to use the gateway administrative interface or invoke a gateway service.

This task covers the three main areas in which you might want to make changes:

• Changing the default gateway-level authentication settings.

  If you want to change the default gateway-level authentication settings, do so before you install any channels. When you run the script that installs the gateway (either into an application server that is part of a deployment manager cell or into a stand-alone appserver) you also install the following channels:

  • Apache SOAP channel 1.

  • SOAP over HTTP channel 1.
  If you change the default gateway-level authentication settings after you install the gateway, you then need to run the gateway installation program again.

• Enabling gateway-level authentication.

  You can enable gateway-level authentication at any time. After gateway-level authentication is enabled, filters have access to the authentication information for the requester.

• Assigning users and groups to roles.

  You can assign users and groups to roles at any time.

To enable gateway-level authentication, complete the following steps:

1. To change the default gateway-level authentication settings, choose a tool that is available for your version of WebSphere Application Server:

   • The WebSphere Application Server Assembly Toolkit.
   Use this tool to complete the following steps:

   1. Set up a role and realm for the gateway on the WebSphere Application Server Web server and servlet container.

   2. Define the user ID and password that are used by the gateway to access the role and realm.

   3. Modify the gateway channel applications so that they only give gateway access to service requesters that supply the correct user ID and password for that role and realm.

2. To enable gateway-level authentication, complete the following steps:

   1. Start the WebSphere Application Server administrative server.

   2. Start the administrative console.

   3. In the navigation pane, select Security > Global Security.

   4. In the main pane, on the Configuration tab, select the Enabled check box.

   5. Save the settings.

   6. Stop then restart the appserver.

   7. Close the administrative console.

3. To map users to roles using the administrative console, complete the following steps:

   1. Start the WebSphere Application Server administrative server.

   2. Start the administrative console.

   3. In the navigation pane, select Application > Enterprise Applications > wsgw.In the main pane, an option to map security roles to users and groups appears in the Additional Properties table.

   4. Modify the security roles and save the settings.

   5. Repeat the previous two steps for each enterprise application that you want to modify.

   6. Stop then restart the appserver.

   7. Close the administrative console.
   For more information, see Assigning users and groups to roles.

   Note: The current Jacl installation scripts do not let you assign users to roles as part of installing the gateway into an appserver that is part of a deployment manager cell or into a stand-alone application server.

 

What to do next

You can now enable operation-level authorization, or install the gateway.

---

Securing the Web services gateway
Enabling operation-level authorization
Invoking Web services over HTTPS
Troubleshooting the Web services gateway
    

 

---