Signature authentication refers to an X.509 certificate
sent by the client to the server. The certificate is used to authenticate
to the user registry configured at the server. After a request is
received by the server that contains the certificate, the server needs
to log in to form a credential. The credential is used for authorization.
You can configure signature authentication at the server.
About this task
Important: There is a distinction between Version 5.x
applications and Version 6.0.x and later applications.
This information applies only to Version 5.x applications that
are used with WebSphere® Application Server Version 6.0.x and
later. It does not apply to Version 6.0.x and
later applications.
If the certificate supplied cannot be
mapped to an entry in the user registry, an exception is provided
and the request ends without invoking the resource.
Procedure
- Launch an assembly tool.
For more information,
see the related information on Assembly Tools.
- Switch to the Java™ Platform,
Enterprise Edition (Java EE)
perspective by clicking .
- Click .
- Right-click the webservices.xml file,
and click .
- Click the Extensions tab, which is located at the end of the Web
Services Editor within the assembly tool.
- Expand the section.
You can select from the following
options:
- BasicAuth
- Signature
- ID assertion
- Lightweight Third Party Authentication (LTPA)
- Select Signature to authenticate
the client using an X.509 certificate.
The certificate that
is sent from the client is the certificate that was issued for signing
the message. You must be able to map this certificate to the configured
user registry. For Local operating system (OS) registries, the common
name (cn) of the distinguished name (DN) is mapped to a user ID in
the registry. For Lightweight Directory Access Protocol (LDAP), you
can configure multiple mapping modes:
- EXACT_DN is the default mode that directly
maps the DN of the certificate to an entry in the LDAP server.
- CERTIFICATE_FILTER is the mode that provides
the LDAP advanced configuration with a place to specify a filter that
maps specific attributes of the certificate to specific attributes
of the LDAP server.
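The three mapping behaviors described above, sketched as an added example (not IBM code and not part of the original documentation). The registry contents, the function names, and the `uid=${SubjectCN}` filter template are assumptions made for illustration; an unmapped certificate raises an exception, matching the behavior described in About this task.

```python
import re

# Constructed sample data standing in for the configured user registries.
OS_USERS = {"asmith"}
LDAP = {"cn=asmith,ou=payments,o=example": {"uid": "asmith"}}

def parse_dn(dn):
    """Split a string DN into (type, value) pairs, honouring backslash escapes.
    Hex-pair escapes and multi-valued RDNs (+) are out of scope for this sketch."""
    rdns, buf, esc = [], "", False
    for ch in dn:
        if esc:
            buf, esc = buf + ch, False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += ch
    rdns.append(buf)
    return [(t.strip().lower(), v.strip()) for t, _, v in (r.partition("=") for r in rdns)]

def subject_cn(dn):
    return next((v for t, v in parse_dn(dn) if t == "cn"), "")

def map_local_os(dn):
    """Local OS registry: the CN of the subject DN is taken as the user ID."""
    cn = subject_cn(dn)
    if cn not in OS_USERS:
        raise LookupError("certificate does not map to a registry user")
    return cn

def map_exact_dn(dn):
    """EXACT_DN: the whole subject DN must match one directory entry."""
    key = ",".join(f"{t}={v.lower()}" for t, v in parse_dn(dn))
    if key not in LDAP:
        raise LookupError("certificate DN has no LDAP entry")
    return LDAP[key]["uid"]

def build_filter(dn, template="uid=${SubjectCN}"):
    """CERTIFICATE_FILTER: put a certificate attribute into an LDAP filter,
    RFC 4515-escaped so certificate text cannot change the filter's meaning."""
    cn = re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), subject_cn(dn))
    return "(" + template.replace("${SubjectCN}", cn) + ")"

def map_certificate_filter(dn):
    attr, _, want = build_filter(dn)[1:-1].partition("=")
    want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), want)
    hits = [e[attr] for e in LDAP.values() if e.get(attr) == want]
    if len(hits) != 1:  # no match or an ambiguous match: fail closed
        raise LookupError("certificate filter did not select exactly one entry")
    return hits[0]
```

A CN of `*` is escaped to `\2a` before substitution, so it is compared as a literal character rather than acting as an LDAP wildcard.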
What to do next
For more information on getting started with the web services
editor within the assembly tool, see Configuring the server security bindings using an assembly tool.
After you
specify how the server handles signature authentication information,
you must specify how the server validates the authentication information.
See the task for configuring the server to validate signature authentication.