Sun OpenSSO Enterprise 8.0 Administration Reference

Security

The following attributes define the security settings of a web service provider:

Security Mechanism

Defines the type of security credential that is used to validate the web service request. The type of security mechanism is part of the web service request from a web service client and is accepted by a web service provider. Choose from the following types:

Authentication Chain

Defines the authentication chain or service name that is used to authenticate to the OpenSSO Enterprise authentication service. The credentials from the security token of an incoming web service request are used for this authentication, which generates OpenSSO Enterprise's authenticated SSOToken.

Token Conversion Type

Defines the type of token that will be converted when a web service provider requests a token conversion from the Security Token service. The token is converted to the specified SAML or SSOToken (session token) with the same identity, but with attribute definitions specific to the token type. This new token can be used by the web service provider making a web service call to another web service provider. The token types you can define are:

To use this attribute, any SAML token must be selected in the Security Mechanism attribute and any authentication chain must be defined for the web service provider.

Preserve Security Headers in Message

When enabled, the web service provider preserves the SOAP security headers for further processing.

Private Key Type

Defines the key type used by the web service provider during the web service request signature verification process. The default value is PublicKey.

Liberty Service Type URN

The URN (Uniform Resource Name) describes a Liberty service type that the web service provider will use for service lookups.

Credential for User Token

This attribute represents the username/password shared secrets that the web service provider uses to validate a username security token from an incoming web service request. These credentials are compared against the credentials in that username security token.
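
The comparison described under Credential for User Token, shown as an added Python example that is not OpenSSO Enterprise code: it validates a WS-Security UsernameToken against configured shared secrets and goes beyond the text by also accepting the PasswordDigest form from the OASIS UsernameToken profile. The names `CONFIGURED`, `SAMPLE` and `validate_username_token` and all sample values are assumptions constructed for this example.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
WSSE = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}"
WSU = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}"
DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"

# Constructed stand-in for the provider's "Credential for User Token" entries.
CONFIGURED = {"wsc-client": "constructed-secret"}

# Constructed request carrying a PasswordText username token.
SAMPLE = (f'<e:Envelope xmlns:e="{SOAP[1:-1]}" xmlns:w="{WSSE[1:-1]}"><e:Header><w:Security>'
          '<w:UsernameToken><w:Username>wsc-client</w:Username>'
          '<w:Password>constructed-secret</w:Password></w:UsernameToken>'
          '</w:Security></e:Header><e:Body/></e:Envelope>')


def validate_username_token(soap_xml, credentials=CONFIGURED):
    """Return the user name if the token matches a configured credential, else None."""
    if "<!DOCTYPE" in soap_xml:  # refuse DTDs so no entities are expanded
        return None
    try:
        root = ET.fromstring(soap_xml)
    except ET.ParseError:
        return None
    token = root.find(f"{SOAP}Header/{WSSE}Security/{WSSE}UsernameToken")
    pw = token.find(f"{WSSE}Password") if token is not None else None
    if pw is None or not pw.text:
        return None
    user = token.findtext(f"{WSSE}Username", default="").strip()
    # Unknown users are still compared, against a dummy, to keep timing uniform.
    secret = credentials.get(user, "\x00unknown-user")
    expected = secret  # PasswordText, the profile's default type
    if pw.get("Type") == DIGEST:
        # PasswordDigest = Base64(SHA-1(nonce + created + password)).
        # Replay checks (nonce cache, Created freshness) are outside this example.
        nonce, created = token.findtext(f"{WSSE}Nonce"), token.findtext(f"{WSU}Created")
        if not nonce or not created:
            return None
        try:
            raw = base64.b64decode(nonce, validate=True)
        except ValueError:
            return None
        digest = hashlib.sha1(raw + created.encode() + secret.encode()).digest()
        expected = base64.b64encode(digest).decode()
    matched = hmac.compare_digest(pw.text.strip().encode(), expected.encode())
    return user if matched and user in credentials else None
```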