Simple WebSphere Authentication Mechanism

The SWAM authentication mechanism is intended for simple, non-distributed, single application server runtime environments. The single application server restriction is due to the fact that SWAM does not support forwardable credentials. This means that if an object in one application server process invokes a method on an object that resides in a second process, the identity of the caller in the first process is not transmitted to the second process. What is transmitted is an unauthenticated credential, which, depending on the security permissions configured on the methods, may cause authorization failures.

Because SWAM is intended for a single application server process, single signon is not supported.

The SWAM authentication mechanism is suitable for simple environments, software development environments, or other environments that do not require a distributed security solution.