Securing the WSRP Producer by HTTP-cookie-based single sign-on
Added by IBM | Edited by IBM on October 15, 2015 | Version 3
You can provide security for your WSRP Producer for IBM® WebSphere® Application Server and the provided web services by using HTTP-cookie-based single sign-on. To use this security option, the WSRP Consumer must be configured to send or forward single sign-on HTTP cookies as part of the WSRP request message to the WSRP Producer. For example, such a cookie can be an LTPA V2 cookie.
The Single Sign-On cookie represents a security credential that can be understood both by the WSRP Consumer and the WSRP Producer. The WSRP Producer receives the cookie and establishes the corresponding security context for the user on the Producer side. This security option is available on both WebSphere Application Server Full Profile Version 8.5 or a later version and WebSphere Application Server Liberty Profile.
To use HTTP-cookie-based single sign-on, the WSRP Producer must not be configured for Web Services Security.
Prerequisites for using HTTP-cookie-based single sign-on:
- Application security must be enabled on the WebSphere Application Server:
  - For security on WebSphere Application Server Full Profile, enable application security in the WebSphere Integrated Solutions Console.
  - For security on WebSphere Application Server Liberty Profile, enable the feature appSecurity-2.0 in the file server.xml.
- Single Sign-On (SSO) must be configured between the WSRP Consumer and the WSRP Producer. For example, to set up LTPA-based SSO, the following two prerequisites are required:
  - The WSRP Consumer and the WSRP Producer must be configured to use a shared user registry.
  - The LTPA keys must be exchanged between WSRP Consumer and WSRP Producer.
Required WSRP Consumer configuration:
The WSRP Consumer must be configured to forward Single Sign-On cookies to the WSRP Producer. For more information, consult the IBM WebSphere Portal product documentation. Specifically, read the information about Customizing client cookie forwarding.
Example: Define the following custom properties for the HttpClientService:
wsrp.consumer.cookieforward.LtpaToken2 = .sample.com
wsrp.consumer.cookieforward.LtpaToken = .sample.com
This example configures client cookie forwarding of LTPA cookies to servers in the .sample.com
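The forwarded LTPA cookie is a credential, so the domain scope in these properties decides which servers receive it. The following Python script is an added example, not IBM code or part of the product documentation: it parses cookie-forwarding properties like the two above, reports which cookies would reach a given Producer host, and flags scopes that are too broad or that miss the Producer. It assumes a rule matches hosts by domain suffix on label boundaries (as in RFC 6265 domain matching); the function names and the host `producer.sample.com` are constructed for illustration.

```python
# Added example: audit WSRP Consumer cookie-forwarding rules.
# Assumption: "<PREFIX><CookieName> = <domain>" forwards that cookie to hosts
# matching the domain by suffix, as in RFC 6265 domain matching.
PREFIX = "wsrp.consumer.cookieforward."

# Constructed sample input, modeled on the properties shown on this page.
SAMPLE = """
wsrp.consumer.cookieforward.LtpaToken2 = .sample.com
wsrp.consumer.cookieforward.LtpaToken = .sample.com
"""

def parse_rules(text):
    """Return {cookie_name: domain} for every cookie-forwarding property."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith(PREFIX) and key != PREFIX:
            rules[key[len(PREFIX):]] = value.lower()
    return rules

def domain_matches(host, domain):
    """Suffix match on label boundaries: '.sample.com' covers 'a.sample.com'."""
    host, domain = host.lower().rstrip("."), domain.lower().strip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def forwarded_cookies(rules, producer_host):
    """Cookie names the Consumer would send to the given Producer host."""
    return sorted(n for n, d in rules.items() if domain_matches(producer_host, d))

def audit(rules, producer_host):
    """Findings: over-broad scopes and SSO cookies that never reach the Producer."""
    findings = []
    for name, domain in sorted(rules.items()):
        if len([label for label in domain.split(".") if label]) < 2:
            findings.append(f"{name}: scope '{domain}' is too broad for an SSO credential")
        elif not domain_matches(producer_host, domain):
            findings.append(f"{name}: scope '{domain}' does not cover {producer_host}")
    if not forwarded_cookies(rules, producer_host):
        findings.append(f"no SSO cookie is forwarded to {producer_host}")
    return findings

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print(forwarded_cookies(rules, "producer.sample.com"))
    print(audit(rules, "producer.sample.com"))
```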