Web Services Security
You can configure the WSRP web service providers for Web Services Security according to the WS-Security standard. This security option is available on WebSphere Application Server Full Profile only. The WSRP Consumer sends a header that complies with the WS-Security standard as part of the WSRP request messages. The header contains credentials that serve to identify and authenticate the user. For this option, both the WSRP Consumer and the WSRP Producer must be configured for Web Services Security.HTTP-cookie-based single sign-on
This security option is available on WebSphere
Application Server Full Profile Version 8.5.0 and later versions and on WebSphere
Application Server Liberty Profile. To authenticate and identify the user and establish the security context for processing the WSRP request, the WSRP Producer uses LTPA V2 HTTP cookies that the WSRP Consumer sends as part of the WSRP request messages. This security option has the following advantages:
- It does not require configuration of the WSRP web services.
- It makes it possible for the WSRP Producer to accept and process both unauthenticated and authenticated requests. The Producer processes unauthenticated requests that do not contain an LTPA V2 cookie without establishing an individual security context.
For details about how to provide security with your WSRP Producer, read Securing the WSRP Producer
Parent topic: Learning about WSRP
Securing the WSRP Producer