As an alternative to authentication using SiteMinder, you can specify authentication using the Web Security Services (WSS) UsernameToken protocol. The WSS UsernameToken profile is an Oasis standard that specifies how a web services consumer can supply a token to identify itself to a provider. The token includes a user name optionally a password, or password equivalent.
You can enable this authentication protocol with the WSS UnsernameToken (Password Text) option in the Web Services Properties dialog. You select this option (or not) the same way as you select the Admin password is required option.
UsernameToken security in TEWS is implemented using a Servlet Filter. IM uses a Servlet Filter (FrameworkAuthFilter) to perform UI authentication. The TewsSecurityFilter processes TEWS requests. IM calls the TewsSecurityFilter is for every TEWS request. The filter verifies the status of the environment web service configuration before inspecting the message. If UsernameToken security is not configured, the message is passed on untouched.
The TewsSecurityFilter is defined in user console web.xml file. If you want to disable the filter manually, comment out the following lines:
<filter>
<filter-name>TEWSFilter</filter-name> <filter-class>con.netegrity.ims.tews6.servletfilter.TewsSecurityFilter</filter-class>
</filter> <filter-mapping>
<filter-name>TEWSFilter</filter-name> <url-pattern>/TEWS6/*</url-pattern>
</filter-mapping>
After you have commented out these lines, restart the application server. IM no longer verifies the status of the UsernameToken security configuration.
|
Copyright © 2013 CA.
All rights reserved.
|
|