Adding Trust Association properties to enable anonymous authentication
Enable anonymous authentication through the Trust Association Interceptor on the IBM® Sametime® SIP Proxy/Registrar.
Procedure
- Access the Integrated Solutions Console on the SIP Proxy/Registrar.
- Click Security > Global Security > Web and SIP Security > Trust Association > Interceptors.
- Click New.
- Add these properties:
  Note: The custom properties listed here should be the only properties present. If the setting com.ibm.sip.auth.AnonymousAuthTAI is added, it will conflict with the enable.anonymous.token.auth.tai setting.
  Interceptor class name - com.ibm.sip.auth.AnonymousTokenAuthTAI
  - enable.anonymous.token.auth.tai: true
  - anonymous.user.id: anonymous (Note that this should be the user ID and NOT the e-mail ID)
  - anonymous.token.auth.tai.allowed.attempts: -1
  - anonymous.token.auth.tai.cleanup.timer: 120
  - anonymous.token.auth.tai.shared.secret: ${WAS_INSTALL_ROOT}/anonTokenSecret.txt
  - anonymous.token.auth.tai.shared.secret.key1: ${WAS_INSTALL_ROOT}/sharedEncKey1.txt
  - anonymous.token.auth.tai.shared.secret.key2: ${WAS_INSTALL_ROOT}/sharedEncKey2.txt
- Copy the three secret files to the default WebSphere® Application Server install root directories. As a best practice, reference the WAS_INSTALL_ROOT WebSphere variable as part of the path to the secret files, especially in environments where Microsoft™ Windows™ and Linux™ or Unix servers coexist. For example, the default directories are:
  - On Linux: /opt/IBM/WebSphere/AppServer
  - On Windows: D:\IBM\WebSphere\AppServer
- Resynchronize the nodes and restart the Sametime SIP Proxy/Registrar. For instructions about stopping and starting the SIP Proxy/Registrar, see the topic Starting and stopping servers.
- Ensure that the following secret files on the IBM Sametime Community Server, Sametime Meeting Server, and Sametime SIP Proxy/Registrar are the same. Check the stavconfig.xml file to view the secret files:
  - secret key file
  - sharedEncKey1.txt file
  - sharedEncKey2.txt file
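
One way to carry out the final check without opening or pasting the secrets themselves, as an added example (not IBM code and not part of the original procedure): it compares SHA-256 digests of the three files across servers and separates a real mismatch from a copy that differs only in line endings. It assumes each server's directory is reachable as a local path (a copy or a mount) and that the files use the names from the properties above; `digest_manifest`, `compare_manifests` and `demo` are hypothetical helper names, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# File names from the property values on this page; on the other servers the
# names listed in stavconfig.xml may differ (assumed identical for this example).
SECRET_FILES = ("anonTokenSecret.txt", "sharedEncKey1.txt", "sharedEncKey2.txt")

def _sha(data):
    return hashlib.sha256(data).hexdigest()

def digest_manifest(root):
    """Map each secret file under root to (raw, normalized) SHA-256, or None if absent."""
    manifest = {}
    for name in SECRET_FILES:
        path = Path(root) / name
        data = path.read_bytes() if path.is_file() else None
        # Second digest ignores CRLF/LF and trailing-whitespace differences.
        manifest[name] = None if data is None else (
            _sha(data), _sha(data.replace(b"\r\n", b"\n").rstrip()))
    return manifest

def compare_manifests(manifests):
    """manifests: {server label: manifest}. Return {file name: status}."""
    report = {}
    for name in SECRET_FILES:
        entries = [m[name] for m in manifests.values()]
        if any(e is None for e in entries):
            report[name] = "missing"
        elif len({e[0] for e in entries}) == 1:
            report[name] = "match"
        elif len({e[1] for e in entries}) == 1:
            report[name] = "line-endings-differ"
        else:
            report[name] = "mismatch"
    return report

def demo():
    """Compare three constructed install roots (sample data, not real secrets)."""
    with tempfile.TemporaryDirectory() as tmp:
        manifests = {}
        for server in ("community", "meeting", "sip-proxy"):
            root = Path(tmp) / server
            root.mkdir()
            for name in SECRET_FILES:
                eol = b"\r\n" if (server, name) == ("meeting", "sharedEncKey1.txt") else b"\n"
                if (server, name) != ("sip-proxy", "sharedEncKey2.txt"):
                    (root / name).write_bytes(b"constructed-" + name.encode() + eol)
            manifests[server] = digest_manifest(root)
        return compare_manifests(manifests)
```

A `line-endings-differ` result means the copies differ only in CRLF/LF or trailing whitespace, which can happen when text files are transferred between Windows and Linux hosts; recopy the file in binary mode so all servers hold byte-identical copies.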