Configure web service binding for LTPA authentication
Use this task to configure a web service binding to perform authentication using Lightweight Third-Party Authentication (LTPA) tokens.
Before you begin this task, install a Service Component Architecture (SCA) application.
Policy sets can be used to configure web service bindings to perform authentication using LTPA tokens.
Procedure
- Configure the administrative and application security for the server.
In order to secure the service so that it only accepts secure requests, and for the service to require authentication, administrative and application security must be enabled for the server. See Securing JAX-WS web services using message-level security.
- Configure the service to require message layer authentication by attaching the LTPA WSSecurity default policy set.
To attach the LTPA WSSecurity default policy set, perform the task, mapping abstract intent to policy sets and policy management.
In addition to attaching the policy set, configure the WS-Security policy to add a caller binding in order for the received subject to be propagated to the thread. To update the default binding to support the caller function, open the admin console and navigate to Services > Policy sets > General provider policy set bindings > Provider sample > WS-Security > Callers. Create a new Caller with the following values:
Name: Specify any name for this configuration
Caller identity local part: LTPAv2
Caller identity namespace URI: http://www.ibm.com/websphere/appserver/tokentype
For additional information on the LTPA WSSecurity default policy set, review the topic WSSecurity default policy sets. See also the article about configuring the WS-Security policy.
The following code is an example of configuring the service to support LTPA authentication.
<service name="AccountService">
    <binding.ws qos:wsPolicySet="LTPA WSSecurity default"
                qos:wsServicePolicySetBinding="Provider sample" ... />
</service>
- Configure the client by attaching the LTPA WSSecurity default policy set to a reference.
An example of how to attach the LTPA WSSecurity default policy set to a reference is shown in the code block in this task step. Attaching the LTPA WSSecurity default policy set to a reference by default propagates any existing LTPA tokens on the thread with the request. It is also possible to configure the policy set to create a token for a specific user and send that token with all requests. Refer to the article WSSecurity default policy sets for detailed information.
<reference name="AccountService">
    <binding.ws qos:wsPolicySet="LTPA WSSecurity default" ... />
</reference>
Results
When you finish this task, you have configured web service bindings to perform LTPA authentication.
What to do next
You can proceed to configuring other application-specific bindings.
WSHTTPS default policy set
Web Services Security default policy sets
Secure JAX-WS web services using message-level security
Secure web services applications at the transport level
Attach a policy set to a service artifact
Map abstract intents and managing policy sets
Create application specific bindings for policy set attachment
Configure web services client bindings
Configure the WS-Security policy
Configure default Web Services Security bindings
Configure the HTTP transport policy
Configure the SCA web services binding
Define and managing policy set bindings