Configuring WSRP Producer ports for Web Service Security on the Consumer portal | HCL Digital Experience
You can configure each WSRP port of a particular Producer definition for web service security by using LTPA or username tokens.
About this task
If you configure web service security for a Producer port, the WSRP Consumer creates a WS-Security-compliant header. The header contains a security token. When the Producer receives a WSRP request message that contains a WS-Security header, it processes the request under the user identity that is represented by the security token and performs access control for provided portlets.
- LTPAv2_Token
- The Consumer portal provides an LTPA version 2 token in the WS-Security message header. This token type requires that Consumer and Producer portals share their user registry and LTPA configuration.
- LTPA_Token
- The Consumer portal provides an LTPA version 1 token in the WS-Security message header. This token type requires that the Consumer and Producer portals share their user registry and LTPA configuration.
  Note: IBM® WebSphere® Application Server Version 8.5 supports the LTPA v2 token by default. Use the LTPA_Token only if a Producer requires an LTPA v1 token and cannot be configured to use LTPA v2 tokens. An HCL Portal Version 8.5 Producer does not require LTPA v1 tokens. If you use an HCL Portal Version 8.5 Producer, do not use this token type.
  Because WebSphere® Application Server Version 8.5 does not support LTPA v1 by default, you need to enable the single sign-on interoperability mode in WebSphere® Application Server to use LTPA v1. To do so, use the single sign-on (SSO) panel within the WebSphere® Integrated Solutions Console. For more information about this option, read the documentation about single sign-on settings in the WebSphere® Application Server product documentation. If you select this token type and did not enable LTPA v1 tokens before, the WSRP Consumer throws an exception when trying to create the security token for a WSRP request message.
- Username_Token
- The Consumer portal provides a username token in the WS-Security message header. The username token specifies the user name in clear text.
Procedure
- You can use the portal administration portlet Web Service Configuration. Proceed as follows:
- You can use the portal XML configuration interface (XMLAccess) to set port-specific settings, for example, token types. For information about the XML configuration interface and how to use it, read the information about the XML configuration interface.
Results
The WSRP Consumer provides a token of the selected type in the WS-Security header of WSRP request messages that are sent to the appropriate Producer port. No further security mechanism, such as message integrity or message confidentiality, is used. If you plan a more complex service configuration or if you plan to use another token type, read Configuring WSRP web service clients.
The token types correspond to the default WSRP policy sets and provider policy bindings that are available for the configuration of Producers. The tokens are also compatible with a corresponding HCL Portal Version 7 or 8 Producer security configuration.
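Because the token is sent without message integrity or confidentiality, it helps to confirm what a Consumer actually puts on the wire. The following Python check is an added example, not HCL or IBM code: it inspects a captured WSRP request, names the token type, and lists the protections that are missing. The function names, the sample envelopes, and the rule that LTPA tokens appear as a `BinarySecurityToken` whose `ValueType` ends in `LTPA` or `LTPAv2` are assumptions.

```python
import re
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Constructed sample envelopes; user name and token bytes are placeholders.
_ENVELOPE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="' + WSSE + '">'
    "<s:Header><wsse:Security>%s</wsse:Security></s:Header><s:Body/></s:Envelope>"
)
SAMPLE_USERNAME = _ENVELOPE % "<wsse:UsernameToken><wsse:Username>jdoe</wsse:Username></wsse:UsernameToken>"
# Assumption: LTPA tokens travel as a BinarySecurityToken whose ValueType ends in LTPA or LTPAv2.
SAMPLE_LTPA_V1 = _ENVELOPE % '<wsse:BinarySecurityToken ValueType="wsst:LTPA">PLACEHOLDER</wsse:BinarySecurityToken>'


def token_type(security):
    """Map the header's token element to the port setting names used on the page."""
    if security.find("{%s}UsernameToken" % WSSE) is not None:
        return "Username_Token"
    bst = security.find("{%s}BinarySecurityToken" % WSSE)
    if bst is not None:
        local = re.split(r"[:#/]", bst.get("ValueType", ""))[-1]
        return {"LTPAv2": "LTPAv2_Token", "LTPA": "LTPA_Token"}.get(local, "unknown")
    return None


def audit_wsrp_request(soap_xml, transport_is_tls):
    """Report the token type and which protections a captured request lacks."""
    root = ET.fromstring(soap_xml)  # use a hardened parser (e.g. defusedxml) for untrusted captures
    security = root.find(".//{%s}Security" % WSSE)
    if security is None:
        return {"token": None, "signed": False, "encrypted": False,
                "findings": ["no WS-Security header"]}
    token = token_type(security)
    signed = security.find(".//{%s}Signature" % DSIG) is not None
    encrypted = root.find(".//{%s}EncryptedData" % XENC) is not None
    findings = []
    if not signed:
        findings.append("no message integrity: header carries no ds:Signature")
    if not encrypted and not transport_is_tls:
        findings.append("no confidentiality: token readable on the wire without TLS")
    if token == "LTPA_Token":
        findings.append("LTPA v1 token: use LTPAv2_Token unless the Producer requires v1")
    return {"token": token, "signed": signed, "encrypted": encrypted, "findings": findings}
```

With the default port settings described here, every request is expected to produce the "no message integrity" finding, so the transport check is the one that separates an acceptable deployment from an exposed one.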