Configuring the Kerberos token for Web Services Security
Use this topic to configure the Kerberos token for message-level Web Services Security.
Before you begin
Before you can use Kerberos with Web Service Security,
you must configure Kerberos in the IBM® WebSphere® Application Server. You do not need
to enable Kerberos as the authentication mechanism. However, the Kerberos
configuration file, krb5.conf
or krb5.ini
,
and the Kerberos keytab file, krb5.keytab
, are required.
The initial setup and configuration processes to use Kerberos with Web Services Security are identical to the configuration processes for using Kerberos with the security function. Therefore, you must set up and configure Kerberos before continuing with the steps in this topic.
The Kerberos (KRB5) authentication mechanism support for security topic provides an overview of the Kerberos functionality and provides the initial steps for setting up and configuring Kerberos for authentication purposes. Within this topic, you must complete the steps in the section Setting up Kerberos as the authentication mechanism for WebSphere Application Server. Use that topic to configure Kerberos, the service principal, and the keytab files. In addition, that topic references the process for configuring Kerberos as the authentication mechanism using the administrative console or commands. You can also find information on how to setup up Kerberos when the Key Distribution Center (KDC) and the Application Server do not use the same user registry.
About this task
The Kerberos token for JAX-WS applications is configured using policy sets and bindings. The JAX-WS application is attached with a custom policy and the Kerberos token is configured as a message protection token or an authentication token.
The implemented Kerberos functionality for Web Services Security also leverages existing tools and frameworks for the Kerberos token profile configuration for authentication and message protection. The support for Kerberos with Web Services Security in the product is based on the OASIS Web Services Security Kerberos Token Profile 1.1 specification.
To configure Kerberos with Web Service Security, complete the following steps:
Procedure
What to do next
Using this task, you have configured the Kerberos token for WebSphere Application Server.