SOPERA Adapter 8.0 | webMethods SOPERA Adapter Documentation | webMethods SOPERA Adapter Installation and User’s Documentation | Installing webMethods SOPERA Adapter | Completing the Installation | Configure the IS Login Module
 
Configure the IS Login Module
You use the IS Login Module to authenticate a SOPERA user against a SOPERA infrastructure.
The IS Login Module is a JAAS login module that is automatically installed as part of the SOPERA Adapter installation. By default, the IS Login Module is not enabled. For more information about SOPERA user authentication, see SOPERA User Authentication.
*To configure the IS Login Module
1. Configure central user management as described in the webMethods Integration Server Administrator’s Guide for your release.
Central user management is required to store and manage information about SOPERA users.
2. Navigate to the Integration Server_directory \config directory.
3. Open the is_jaas.cnf file in a text editor.
4. Edit the file as follows:
a. Add the following code in the IS_Transport section to include the WmLoginModuleIS login module. Set the authenticationTSPEndpoint parameter to point to your token service:
IS_Transport
{
com.softwareag.security.login.webmethods.WmLoginModuleIS
sufficient
  create_user_principal=true
auth-type=auth-id-password
authenticationTSPEndpoint=
"http://SOPERAInfrastructureServer:18080/TokenService/services/Trust"
soapRequestTemplateFile="config/sts-request.template";

com.wm.app.b2b.server.auth.jaas.X509LoginModule requisite;
com.wm.app.b2b.server.auth.jaas.BasicLoginModule requisite;
};
where SOPERAInfrastructure Server is the hostname of your actual SOPERA infrastructure server, for example: "http://localhost:18080/TokenService/services/Trust"
b. Configure incoming SOPERA call authentication. SOPERA Adapter verifies the authentication information it receives from an incoming SOPERA call and creates an Integration Server session for it. This configuration is required only when SOPERA Adapter invokes an Integration Server service that does not have the anonymous ACL for execution. To enable incoming call authentication, add the following section:
Note:
The values for verificationKeystore and verificationKeystorePwd parameters will depend on your environment.
sopware.auth-token-checking {
org.sopware.security.login.webmethods.WMLoginModule REQUIRED
auth-type=auth-token-checking
expiryClearance="525600"
verificationKeystore="/Users/root/keystore.jks"
verificationKeystorePwd="atleast8"
verificationCertAlias="client"
verifyTrustChain="false"
cacheCleanupInterval="5"
samlAttributeForPrincipalName="pxpUid";
};
5. Save and close the is_jaas.cnf file.
6. Copy the sts-request.template file from the Integration Server_directory \packages\ WmSoperaAdapter \config directory into the Integration Server_directory \config directory.
7. Restart Integration Server for the changes to take effect.
8. Log on to Integration Server Administrator as Administrator and go to Security > Access Control Lists.
9. Add the group of SOPERA users named SOPUsers to the ACL that you require.
For example, if you want to log on as Administrator in Integration Server Administrator with a SOPERA user, you can add the SOPUsers group to the Allowed ACL list as described in the webMethods Integration Server Administrator’s Guide for your release.