Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Configure CSIV2 inbound and outbound communication settings


Configure inbound messages

We can use the administrative console to configure inbound messages for CSIv2.


Procedure

  1. In the administrative console, click Security > Global security.

  2. Under Authentication, expand RMI/HOP security.

  3. Click CSIv2 inbound communication.

  4. Optional: Click Propagate security attributes or Use identity assertion. The Propagate security attributes option enables support for security attribute propagation during login requests. When you select this option, the application server retains additional information about the login request, such as the authentication strength used, and retains the identity and location of the request originator.

    The Use identity assertion option specifies that identity assertion is a way to assert identities from one server to another during a downstream EJB invocation.

  5. Under CSIv2 Message layer authentication, select Supported, Never or Required.

    Never

    Specifies that this server cannot accept an authentication mechanism that you select under Allow client to server authentication with:.

    Supported

    Specifies that clients communicating with this server can specify an authentication mechanism that you select under Allow client to server authentication with:. However, a method might be invoked without this type of authentication. For example, an anonymous or client certificate might be used instead.

    Required

    Specifies that clients communicating with this server must specify an authentication mechanism that you select under Allow client to server authentication with:.

  6. Under Allow client to server authentication with:, select Kerberos, LTPA and or Basic authentication. We can optionally select:

    Kerberos

    Select to enable authentication using the Kerberos token.

    LTPA

    Select to enable authentication using the Lightweight Third-Party Authentication (LTPA) token.

    Basic authentication

    This type of authentication typically involves sending a user ID and a password from the client to the server for authentication. This is also know as Generic Security Services Username Password (GSSUP).

    This authentication also involves delegating a credential token from an already authenticated credential, provided the credential type is forwardable; for example, LTPA.

    If you select supported under CSIv2 Message layer authentication, and check KRB5 and LTPA under Allow client to server authentication with:, then the server does not accept the user name and password.

  7. Click OK.


Results

You have now configured messages for CSIv2 inbound.
Configure Kerberos as the authentication mechanism
Configure outbound messages
Configure inbound transports
Configure outbound transports


Related


Kerberos authentication settings
CSIv2 inbound communications settings
CSIv2 outbound communications settings

+

Search Tips   |   Advanced Search