JAAS Configuration File
The JAAS configuration file controls which login modules to use within a JVM. Integration Server configures the JVM to use Integration Server_directory \instances\instance_name\config\is_jaas.cnf as the JAAS configuration file.
A set of JAAS login modules are grouped into what is termed a login context. Within each login context, the login modules are specified with their full name, optional parameters, and a designation of the actions to take based on their success or failure. These designations are classified as REQUIRED, REQUISITE, SUFFICIENT, and OPTIONAL. For the login to succeed, the complete login context must succeed.
The JAAS configuration file lists the:
Available login contexts.
Login modules that will execute.
Order in which the modules will execute.
Settings that determine which actions to take if a module fails.
Following is a portion of the default JAAS configuration file for Integration Server. It shows the IS_Transport and WSS_Message_IS login contexts. The JAAS custom login modules for Integration Server include:
Transport-level authentication, which is specified in the IS_Transport login context (shaded gray in the code portion below).
Message-level authentication for web services, which is specified in the WSS_Message_IS login context.
Integration Server message-level authentication is described in the Web Services Developer’s Guide For information on Integration Server message-level authentication, see
Web Service Authentication and
Authorization .
Note:
The JAAS configuration file contains additional login contexts; only IS_Transport and WSS_Message_IS (shown in the following code segments from is_jaas.cnf) are discussed here.
IS_Transport { /*
com.wm.app.b2b.server.auth.jaas.X509ValidatorModule requisite; */
com.wm.app.b2b.server.auth.jaas.X509LoginModule requisite;
com.wm.app.b2b.server.auth.jaas.BasicLoginModule requisite;
com.wm.app.b2b.server.auth.jaas.SamlOSGiLoginModule requisite; /* * The
DefaultLoginModule contains logic that provide special * default handling for
Software AG products so please leave * this module as the last module of this
login context. */ com.wm.app.b2b.server.auth.jaas.DefaultLoginModule
requisite;};
WSS_Message_IS { /* * Please do
not rearrange the following SoftwareAG * login modules; add your login modules
before or after * these three modules */
com.wm.app.b2b.server.auth.jaas.SamlAssertLoginModule requisite;
com.wm.app.b2b.server.auth.jaas.X509LoginModule requisite;
com.wm.app.b2b.server.auth.jaas.BasicLoginModule requisite;};