You can configure a TAI service for Liberty using developer tools.
Before you begin
For a description of the underlying process of configuring a server, and detailed information
about specific aspects of server configuration, see Administering Liberty manually.
Avoid trouble: There are several security configuration examples on the Open Liberty website for reference when configuring security for your applications on Liberty.
Procedure
- Select the parent Trust Association Interceptor and
enter an ID name.
In
this example, the
ID name is
myTrustAssociation.
- Select the child Trust Association Interceptor and
configure the Class name which is the fully
qualified name of your TAI implementation class, then click the arrow
next to the Add button and select Global
Element to enter the shared library information.
In this example, the class name is
com.ibm.websphere.security.sample.SimpleTAI
,
and
Enable interceptor and
Invoke
an interceptor before SSO are checked.
- Enter the ID for the shared library
in the popup window and click OK.
In this example, the
ID corresponds
to the name of the shared library,
simpleTAI.
- Configure the Name and Description fields
for the shared library, then click the arrow next to the Add button
and select Child Element to add a fileset reference
as a child element.
- Configure the Fileset. Click Browse in
the Base directory field and select the directory
where the JAR file is located. Then, click Browse in
the Includes pattern field to select your JAR
file that contains your TAI implementation.
In
this example, the TAI implementation JAR file is
simpleTAI.jar and
is located under the
${server.config.dir}
directory.
- Configure Interceptor properties details
by clicking Add to add properties for the interceptor.
In this example, there are two pairs of properties
for the interceptor. The
hostName is
machine1 and
the
application is
test1.
- Save the configuration. You can find the following configuration
saved in the server.xml file.
<trustAssociation id="myTrustAssociation" invokeForUnprotectedURI="false"
failOverToAppAuthType="false">
<interceptors id="simpleTAI" enabled="true"
className="com.ibm.websphere.security.sample.SimpleTAI"
invokeBeforeSSO="true" invokeAfterSSO="false" libraryRef="simpleTAI">
<properties hostName="machine1" application="test1"/>
</interceptors>
</trustAssociation>
<library id="simpleTAI">
<fileset dir="${server.config.dir}" includes="simpleTAI.jar"/>
</library>