Configuring security on the Consumer portal
You can configure security for the WSRP Consumer. If you enable security, the WSRP Consumer sends a security token as part of the WSRP request message to the WSRP producer. The security token represents the identity of the user who is logged in to the Consumer Portal. The WSRP Producer uses the security token to process the WSRP requests under the user identity that is represented by the security token.
About this task
For a WSRP Producer, security for WSRP services is optional. If a WSRP Producer requires security, the WSRP Consumer must be configured to use the same security mechanism as the WSRP Producer. Otherwise, the Consumer cannot consume the portlets that the Producer provides.
Example:
A Producer might configure message authentication Web Service Security
for the WSRP services by using a particular security token type according
to the WS-Security standard. In this case, the WSRP Consumer web services
must also be configured for web service security, and they must use
the same security token type message authentication. You can configure
security for the WSRP Consumer by using either of the following two
authentication mechanisms:
- HTTP-cookie-based single sign-on
- The WSRP Consumer forwards LTPA v2 HTTP cookies that it receives
from the client to the Producer as part of the WSRP request messages.
The WSRP Producer receives the cookie and establishes the corresponding
security context on the Producer side. This option requires configuration
of the WSRP Consumer to forward HTTP cookies. It has the following
advantages:
- It does not require configuration of the WSRP web services. It makes it possible for the WSRP Producer to accept and process both unauthenticated and authenticated requests.
- The Producer processes unauthenticated requests that do not contain an LTPA V2 cookie without establishing an individual security context.
- Web Services Security
- You can configure the WSRP Consumer to use Web Service Security according to the WS-Security standard. The WSRP Consumer sends a header that complies with the WS-Security standard as part of the WSRP request messages. The header contains credentials that identify and authenticate the user. For example, you can configure the Consumer portal to include Lightweight Third-Party Authentication (LTPA) tokens or Username tokens in the WS-Security header. For this option, both the WSRP Consumer and the WSRP Producer must be configured for Web Services Security.