Configure digest authentication for Oracle Internet Directory

Operating Systems: i5/OS
Personalize the table of contents and search results

Configure digest authentication for Oracle Internet Directory

You can configure digest authentication for Oracle Internet Directory, an implementation of the Lightweight Directory Access Protocol (LDAP) that uses the Oracle database as a repository for directory entries. To configure digest authentication for Oracle Internet Directory, you will need to:

Install Oracle Internet Directory version 9.0.2.
Set up and activate Lightweight Third Party Authentication. For more information, see the Lightweight Third Party Authentication section.
You also may want to refer to the section Configuring a custom trust association interceptor for more TAI information.

Overview

Complete the following procedure to configure digest authentication for Oracle Internet Directory on WebSphere Application Server:

Procedure

To set up digest authentication, verify that Lightweight Third Party Authentication (LTPA) is configured for use on your server by selecting Security > Secure administration, applications, and infrastructure > Authentication mechanisms. In the Configuration tab on the Authentication mechanisms and expiration page you should see the Password field already filled in.
In the administrative console, click Security > Secure administration, applications, and infrastructure .
1. Under Authentication, expand Web security and click on Trust association.
2. On the Configuration tab, under General properties, make sure the Enable trust association box is checked. Then click Apply.
On the Interceptors page of the administration console look for com.ibm.ws.sip.security.digest.DigestTAI in the Interceptor class name list:
1. If this class name in not present, click New to open the Configuration tab and enter com.ibm.ws.sip.security.digest.DigestTAI in the Interceptor class name field and click Apply. Then proceed to the following steps.
2. If this interceptor class is present, you may set up custom properties for it. To do this, click com.ibm.ws.sip.security.digest.DigestTAI > Custom Properties:
3. Click OK.
Navigate through Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration to the Configuration tab.
1. In the Key generation section, click Generate Keys. (No import or export of the key is necessary.)
2. Under the Cross-cell single sign-on section fill in the Password fields.
3. Fill in the Internal server ID field.
4. Click OK.
Click to Security > Secure administration, applications, and infrastructure.
1. If the box Use Java 2 security to restrict application access to local resources is checked, then Java 2 security is enabled. Click the box if you want to disable Java 2 security.
2. In the User account repository section of the page, select your LDAP registry from the Available realm definitions drop-down box.
3. Click Set as current and then clickApply.
Save all changes.
Restart the server.
Be sure you see the following message appear in the SystemOut.log after the server has restarted:
```
SECJ0121I: Trust Association Init class
 com.ibm.ws.sip.security.digest.DigestTAI loaded successfully
```
If this message does not appear in the log, digest authentication has not been activated.

} Related tasks Configuring a custom trust association interceptor Browse all SIP topics Configuring security for the SIP container