To configure client authentication between the authentication client and the authentication server, it is recommended that you enable WebSphere® application security. After WebSphere application security is enabled, you can add the role called TrustClientRole to the WebSphere administrator user that you specified during the TADDM installation. This method provides added security for the authentication service by restricting the users that can authenticate to the authentication service to only those users with the TrustClientRole.

To add the TrustClientRole to the WebSphere administrator specified during TADDM installation, complete the following steps:

- Log in to the WebSphere Administration Console.
- Under the Security tab, click Enterprise Applications. The Enterprise Applications pane is displayed.
- In the Enterprise Applications table, click the Authentication Service application (authnsvc_ctges) in the Name column. The Enterprise Applications > authnsvc_ctges pane is displayed.
- In the Enterprise Applications > authnsvc_ctges pane, in the Detailed Properties list, click Security role to user/group mapping. The Enterprise Applications > authnsvc_ctges > Security role to user/group mapping pane is displayed.
- In the table on the Enterprise Applications > authnsvc_ctges > Security role to user/group mapping pane, complete the following steps:
  - In the table, select the check box next to TrustClientRole.
  - Clear the Everyone check box.
  - Click Lookup Users or Lookup Groups. The Enterprise Applications > authnsvc_ctges > Security role to user/group mapping > Lookup users or groups pane is displayed.
- In the Enterprise Applications > authnsvc_ctges > Security role to user/group mapping > Lookup users or groups pane, complete the following steps:
  - Search for users or groups, by using the Limit and Search string input boxes. When a group or user is found, it is displayed in the Available list.
  - From the Available list, select the user or group that you want.
  - Click Move to add that user or group to the Selected list.
  - Click OK. The Enterprise Applications > authnsvc_ctges > Security role to user/group mapping pane is displayed.
- In the Enterprise Applications > authnsvc_ctges > Security role to user/group mapping pane, clear the Everyone check box.
- Click OK. The Enterprise Applications > authnsvc_ctges pane is displayed.
- Click Save to save the configuration. The Enterprise Applications pane is displayed.
- Click OK. The Enterprise Applications > authnsvc_ctges pane is displayed.
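
To confirm the result of the steps above, the following added example (not part of the product documentation) audits who holds TrustClientRole after the change is saved. It assumes the deployed authnsvc_ctges application keeps its role mapping in the classic META-INF/ibm-application-bnd.xmi binding file next to application.xml; both sample descriptors, the role id, and the user name wasadmin are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XMI_TYPE = "{http://www.omg.org/XMI}type"
# Constructed samples of the two descriptors, not taken from a TADDM installation.
APPLICATION_XML = """<application xmlns="http://java.sun.com/xml/ns/j2ee" id="Application_ID">
  <display-name>authnsvc_ctges</display-name>
  <security-role id="SecurityRole_1"><role-name>TrustClientRole</role-name></security-role>
</application>"""
BND_TEMPLATE = """<applicationbnd:ApplicationBinding xmlns:xmi="http://www.omg.org/XMI"
    xmlns:applicationbnd="applicationbnd.xmi" xmi:version="2.0" xmi:id="ApplicationBinding_1">
  <authorizationTable xmi:id="AuthorizationTable_1">
    <authorizations xmi:id="RoleAssignment_1">
      %s
      <role href="META-INF/application.xml#SecurityRole_1"/>
    </authorizations>
  </authorizationTable>
</applicationbnd:ApplicationBinding>"""
BND_BEFORE = BND_TEMPLATE % '<specialSubjects xmi:type="applicationbnd:Everyone" xmi:id="Everyone_1" name="Everyone"/>'
BND_AFTER = BND_TEMPLATE % '<users xmi:id="User_1" name="wasadmin"/>'  # hypothetical administrator name


def role_names(application_xml):
    """Map each security-role id in application.xml to its role-name."""
    names = {}
    for el in ET.fromstring(application_xml).iter():
        if el.tag.endswith("security-role"):
            names[el.get("id")] = "".join((c.text or "") for c in el if c.tag.endswith("role-name")).strip()
    return names


def audit_role(application_xml, bnd_xmi, role="TrustClientRole", allowed=()):
    """Return findings for `role`; an empty list means only `allowed` names hold it."""
    names = role_names(application_xml)
    findings, seen = [], False
    for auth in ET.fromstring(bnd_xmi).iter("authorizations"):
        ref = auth.find("role")
        role_id = "" if ref is None else ref.get("href", "").rpartition("#")[2]
        if names.get(role_id) != role:
            continue
        seen = True
        for s in auth.findall("specialSubjects"):  # Everyone / all-authenticated style grants
            findings.append("special subject: " + s.get(XMI_TYPE, "?").split(":")[-1])
        for kind in ("users", "groups"):
            for m in auth.findall(kind):
                if m.get("name") not in allowed:
                    findings.append("unexpected %s entry: %s" % (kind, m.get("name")))
    if not seen:
        findings.append("no mapping found for " + role)
    return findings
```

An empty list from `audit_role(..., allowed={...})` means the Everyone mapping is gone and only the named users or groups hold the role.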