Enable gateway-level authentication
Overview
A number of default gateway-level authentication settings are included in the gateway. There is a default role of AuthenticatedUsers which includes the special group AllAuthenticatedUsers. When security is enabled, supply a user ID and password to use the gateway administrative interface or invoke a gateway service.
This task covers the three main areas in which you might want to make changes:
- Changing the default gateway-level authentication settings.
If you want to change the default gateway-level authentication settings, do so before you install any channels. When you run the script that installs the gateway (either into an application server that is part of a deployment manager cell or into a stand-alone appserver) you also install the following channels:
If you change the default gateway-level authentication settings after you install the gateway, you then need to run the gateway installation program again.
- Enabling gateway-level authentication.
You can enable gateway-level authentication at any time. After gateway-level authentication is enabled, filters have access to the authentication information for the requester.
- Assigning users and groups to roles.
You can assign users and groups to roles at any time.
To enable gateway-level authentication, complete the following steps:
- To change the default gateway-level authentication settings, choose a tool that is available for your version of WebSphere Application Server:
- The WebSphere Application Server Assembly Toolkit.
Use this tool to complete the following steps:
- Set up a role and realm for the gateway on the WebSphere Application Server Web server and servlet container.
- Define the user ID and password that are used by the gateway to access the role and realm.
- Modify the gateway channel applications so that they only give gateway access to service requesters that supply the correct user ID and password for that role and realm.
- To enable gateway-level authentication, complete the following steps:
- Start the WebSphere Application Server administrative server.
- Start the administrative console.
- In the navigation pane, select Security > Global Security.
- In the main pane, on the Configuration tab, select the Enabled check box.
- Save the settings.
- Stop then restart the appserver.
- Close the administrative console.
- To map users to roles using the administrative console, complete the following steps:
For more information, see Assigning users and groups to roles.
- Start the WebSphere Application Server administrative server.
- Start the administrative console.
- In the navigation pane, select Application > Enterprise Applications > wsgw. In the main pane, an option to map security roles to users and groups appears in the Additional Properties table.
- Modify the security roles and save the settings.
- Repeat the previous two steps for each enterprise application that you want to modify.
- Stop then restart the appserver.
- Close the administrative console.
Note: The current Jacl installation scripts do not let you assign users to roles as part of installing the gateway into an appserver that is part of a deployment manager cell or into a stand-alone application server.
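One way to check the outcome of the role-and-realm steps above is to audit a channel web module's deployment descriptor. This is an added example, not IBM's or this page's own code. It assumes the channel application carries a standard web.xml; the servlet name, URL pattern and realm name are constructed, and only the AuthenticatedUsers role comes from this page.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor for a hypothetical channel web module. Servlet name,
# URL pattern and realm are assumptions; AuthenticatedUsers is the page's role.
SAMPLE_WEB_XML = """<web-app>
  <servlet-mapping>
    <servlet-name>ChannelServlet</servlet-name>
    <url-pattern>/channel/*</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>channel</web-resource-name>
      <url-pattern>/channel/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>AuthenticatedUsers</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ExampleGatewayRealm</realm-name>
  </login-config>
  <security-role><role-name>AuthenticatedUsers</role-name></security-role>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # ignore XML namespaces

def _texts(node, parent, child):
    """Non-empty text of every <child> found under any <parent> below node."""
    return [c.text.strip() for p in node.iter() if _local(p.tag) == parent
            for c in p.iter() if _local(c.tag) == child and (c.text or "").strip()]

def audit_descriptor(xml_text, role="AuthenticatedUsers"):
    """Return findings; an empty list means each mapped URL requires the role."""
    root = ET.fromstring(xml_text)
    findings, protected = [], set()
    for sc in (e for e in root.iter() if _local(e.tag) == "security-constraint"):
        if role not in _texts(sc, "auth-constraint", "role-name"):
            continue
        if _texts(sc, "web-resource-collection", "http-method"):
            findings.append("constraint lists http-method: other methods stay open")
            continue
        protected.update(_texts(sc, "web-resource-collection", "url-pattern"))
    # Simplification: exact pattern match only, plus a catch-all "/*" constraint.
    for pattern in _texts(root, "servlet-mapping", "url-pattern"):
        if pattern not in protected and "/*" not in protected:
            findings.append(f"unprotected servlet mapping: {pattern}")
    for element in ("auth-method", "realm-name"):
        if not _texts(root, "login-config", element):
            findings.append(f"login-config has no {element}")
    return findings
```

Run `audit_descriptor` against each channel application's descriptor after editing it; any finding means a requester could reach that mapping without supplying credentials for the role and realm.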
What to do next
You can now enable operation-level authorization, or install the gateway.