en.help.ref-messagesecurityproviderconfigedit.html Maven / Gradle / Ivy
Edit Provider Configuration
Use the Edit Provider Configuration page to modify a message security provider configuration.
The Edit Provider Configuration page contains the following options.
- Authentication Layer
The authentication layer (either SOAP or HttpServlet) for which this provider configuration was created. This is a read-only field.
- Provider ID
The name of the message security provider configuration. This is a read-only field. You can only specify the provider ID when you create a new message security provider configuration.
- Default Provider
If this option is selected, this provider is the default provider. The default provider will be invoked for any application that does not identify a specific provider. Whether the provider is the default client provider, the default server provider, or both is determined by the Provider Type.
- Provider Type
Specifies the type of the provider. Available choices are:
- client
Specifies that the provider is the client authentication provider.
- server
Specifies that the provider is the server authentication provider.
- client-server
Specifies that the provider is both a client and a server authentication provider.
- Class Name
The name of the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. Client-server providers must implement both interfaces.
- Authenticate Source (for Request Policy)
The type of required authentication for the request policy. The request policy determines the request processing that the authentication provider performs. The request policy fields are optional, but if they are not specified, the authentication provider does not authenticate request messages.
Select sender to specify message-layer sender authentication (for example, username and password) of request messages. Select content to specify content authentication (for example, digital signature) of request messages. Leave the field empty to not authenticate the source of requests. By default, no authentication type is selected.
For a description of the actions performed by the SOAP message security providers, see Request and Response Policy Configurations.
- Authenticate Recipient (for Request Policy)
Specifies whether recipient authentication occurs before or after content authentication for the request policy.
Select before-content or after-content to require message-layer authentication of the receiver of the request message to its sender (by XML encryption). If the value is not specified, the default is after-content. Policies are expressed in message sender order, so after-content means that the message receiver decrypts the message before validating the signature.
- Authenticate Source (for Response Policy)
The type of required authentication for the response policy. The response policy determines the response processing that the authentication provider performs. The response policy fields are optional, but if they are not specified, no authentication is applied to response messages.
Select sender to specify message-layer sender authentication (for example, username password) of response messages. Select content to specify content authentication (for example, digital signature) of response messages. Leave the field empty to not authenticate response sources. By default, no authentication type is selected.
For a description of the actions performed by the SOAP message security providers, see Request and Response Policy Configurations.
- Authenticate Recipient (for Response Policy)
Specifies whether recipient authentication occurs before or after content authentication for the response policy.
Select before-content or after-content to define a requirement for message-layer authentication of the receiver of the response message to its sender (by XML encryption). If the value is not specified, the default is after-content. Policies are expressed in message sender order, so after-content means that the message receiver decrypts the message before validating the signature.
- Additional Properties
Additional properties for the message security provider configuration. For a description of the additional properties available for provider configurations, see Properties Specific to Message Security Provider Configurations.
Related Tasks
Related asadmin Commands
In addition, use the set(1) command to modify the request and response policies.
To set the response policy, replace the word request in the following commands
with response.
Add a request policy to the client and set the authentication source:
asadmin set --user admin-user --port admin-port
server-config.security-service.message-security-config.SOAP.
provider-config.ClientProvider.request-policy.auth_source=
sender | content
Add a request policy to the server and set the authentication source:
asadmin set --user admin-user --port admin-port
server-config.security-service.message-security-config.SOAP.
provider-config.ServerProvider.request-policy.auth_source=
sender | content
Add a request policy to the client and set the authentication recipient:
asadmin set --user admin-user --port admin-port
server-config.security-service.message-security-config.SOAP.
provider-config.ClientProvider.request-policy.auth_recipient=
before-content | after-content
Add a request policy to the server and set the authentication recipient:
asadmin set --user admin-user --port admin-port
server-config.security-service.message-security-config.SOAP.
provider-config.ServerProvider.request-policy.auth_recipient=
before-content | after-content