Operating Systems: i5/OS
Personalize the table of contents and search results
Configure the server to support signature authentication
Signature authentication refers to an X.509 certificate sent by
the client to the server. The certificate is used to authenticate to the user
registry configured at the server. After a request is received by the server
that contains the certificate, the server needs to log in to form a credential.
The credential is used for authorization. You can configure signature authentication
at the server.
Overview
There is an important distinction between
V5.x and V6.0.x and later applications. The information
in this article supports V5.x applications only that are used
with WebSphere Application Server V6.0.x and later. The information
does not apply to V6.0.x and later applications.
If
the certificate supplied cannot be mapped to an entry in the user registry,
an exception is provided and the request ends without invoking the resource.
Procedure
- Launch an assembly tool. For more information on the
assembly tools, see Assembly tools.
- Switch to the J2EE perspective
by clicking Window > Open perspective > Other > J2EE.
- Click EJB Projects > application_name > ejbModule
> META-INF.
- Right-click the webservices.xml file, and click Open
with > Web services editor.
- Click the Extensions tab, which is located at the bottom of the
Web Services Editor within the assembly tool.
- Expand the Request receiver service configuration details >
Login configuration section. You can select from the following
options:
- BasicAuth
- Signature
- ID assertion
- Lightweight Third Party Authentication (LTPA)
- Select Signature to authenticate the client using an X509
certificate. The certificate that is sent from the client is the
certificate that issued for signing the message. You must be able to map this
certificate to the configured user registry. For Local operating system (OS)
registries, the common name (cn) of the distinguished name (DN) is mapped
to a user ID in the registry. For Lightweight Directory Access Protocol (LDAP),
you can configure multiple mapping modes:
- EXACT_DN is the default mode that directly maps the DN of the certificate
to an entry in the LDAP server.
- CERTIFICATE_FILTER is the mode that provides the LDAP advanced configuration
with a place to specify a filter that maps specific attributes of the certificate
to specific attributes of the LDAP server.
What to do next
For more information on getting started with the Web services editor
within the assembly tool, see Configuring the server security bindings using an assembly tool.
After you specify how the server handles signature
authentication information, specify how the server validates the
authentication information. See the task for configuring the server to validate
signature authentication.
}
Related concepts
Signature authentication method
Related tasks
Configuring the server to validate signature authentication information
Configuring the server security bindings using an assembly tool
Securing Web services for version 5.x applications using signature
authentication
|