Software AG Products 10.11 | Administering Integration Server | Customizing Authentication Using JAAS | JAAS Configuration File
 
JAAS Configuration File
 
Pre-installed Login Modules
X509ValidatorModule
The JAAS configuration file controls which login modules to use within a JVM. Integration Server configures the JVM to use Integration Server_directory \instances\instance_name\config\is_jaas.cnf as the JAAS configuration file.
A set of JAAS login modules are grouped into what is termed a login context. Within each login context, the login modules are specified with their full name, optional parameters, and a designation of the actions to take based on their success or failure. These designations are classified as REQUIRED, REQUISITE, SUFFICIENT, and OPTIONAL. For the login to succeed, the complete login context must succeed.
The JAAS configuration file lists the:
*Available login contexts.
*Login modules that will execute.
*Order in which the modules will execute.
*Settings that determine which actions to take if a module fails.
Following is a portion of the default JAAS configuration file for Integration Server. It shows the IS_Transport and WSS_Message_IS login contexts. The JAAS custom login modules for Integration Server include:
*Transport-level authentication, which is specified in the IS_Transport login context (shaded gray in the code portion below).
*Message-level authentication for web services, which is specified in the WSS_Message_IS login context. Integration Server message-level authentication is described in the Web Services Developer’s Guide .
Note:
The JAAS configuration file contains additional login contexts; only IS_Transport and WSS_Message_IS (shown in the following code segments from is_jaas.cnf) are discussed here.
IS_Transport { /*
com.wm.app.b2b.server.auth.jaas.X509ValidatorModule requisite; */
com.wm.app.b2b.server.auth.jaas.X509LoginModule requisite;
com.wm.app.b2b.server.auth.jaas.BasicLoginModule requisite;
com.wm.app.b2b.server.auth.jaas.SamlOSGiLoginModule requisite; /* * The
DefaultLoginModule contains logic that provide special * default handling for
Software AG products so please leave * this module as the last module of this
login context. */ com.wm.app.b2b.server.auth.jaas.DefaultLoginModule
requisite;};
WSS_Message_IS { /* * Please do
not rearrange the following SoftwareAG * login modules; add your login modules
before or after * these three modules */
com.wm.app.b2b.server.auth.jaas.SamlAssertLoginModule requisite;
com.wm.app.b2b.server.auth.jaas.X509LoginModule requisite;
com.wm.app.b2b.server.auth.jaas.BasicLoginModule requisite;};