Sun OpenSSO Enterprise Policy Agent 3.0 Guide for IBM WebSphere Application Server 6.1/7.0 and WebSphere Portal Server 6.1

Configuring Web Services Security for the WebSphere Application Server/Portal Server Agent

The WebSphere Application Server/Portal Server agent supports Web Services Security (WSS) for web service providers. A web service provider (WSP) deployed on WebSphere Application Server 6.1/7.0 protected by the agent can have additional security provided by the agent. For example, you can configure the WebSphere Application Server/Portal Server agent and OpenSSO Enterprise server to support various Web Services Security profiles, including Username token, X509 token, and SAML2 token.

Configuring the WebSphere Application Server/Portal Server agent to use Web Services Security with OpenSSO Enterprise is similar to configuring other Java EE policy agents. For information and the general configuration steps, see Web Services Security Support for J2EE Agents in Policy Agent 3.0 in Sun OpenSSO Enterprise Policy Agent 3.0 User’s Guide for J2EE Agents.

In addition to the general steps, perform the following additional steps depending on the version of WebSphere Application Server you are using:

Configuring Web Services Security on WebSphere Application Server 6.1

ProcedureTo Configure Web Services Security on WebSphere Application Server 6.1

  1. Perform the general steps, as described in Web Services Security Support for J2EE Agents in Policy Agent 3.0 in Sun OpenSSO Enterprise Policy Agent 3.0 User’s Guide for J2EE Agents.

  2. Stop WebSphere Application Server 6.1.

  3. Install the WebSphere Application Server 6.1 Feature Pack for Web Services onto WebSphere Application Server 6.1.

    For information, see http://www-01.ibm.com/software/webservers/appserv/was/featurepacks/.

  4. Copy the xmlsec.jar, xercesImpl.jar and xalan.jar files from the OpenSSO Enterprise server deployment to the WebSphereInstallDirectory/AppServer/lib/ext directory.

    For example: /opt/IBM/WebSphere/AppServer/lib/ext

  5. Download bcprov-jdk15-141.jar from http://bouncycastle.org and copy it to the WebSphereInstallDirectory/AppServer/java/jre/lib/ext directory.

  6. Add the Bouncy Castle provider to the WebSphereInstallDirectory/AppServer/java/jre/lib/security/java.security file. For example:

    security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider

    Change the provider number accordingly.

  7. Start WebSphere Application Server 6.1

Configuring Web Services Security on WebSphere Application Server 7.0

ProcedureTo Configure Web Services Security on WebSphere Application Server 7.0

  1. Perform the general steps, as described in Web Services Security Support for J2EE Agents in Policy Agent 3.0 in Sun OpenSSO Enterprise Policy Agent 3.0 User’s Guide for J2EE Agents.

  2. Stop WebSphere Application Server 7.0.

  3. Copy the xmlsec.jar, xercesImpl.jar, and xalan.jar files from the OpenSSO Enterprise server deployment to the WebSphereInstallDirectory/AppServer/lib/ext directory.

    For example: /opt/IBM/WebSphere/AppServer/lib/ext

  4. Start WebSphere Application Server 7.0.