> Installation Guide > Authentication Configuration

Installation Guide

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Authentication Configuration

In this section, we will show you how to change the BEA AquaLogic Service Registry configuration to allow the following authentication providers:

 

HTTP Basic

To allow HTTP Basic authentication:

  1. Modify REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml to enable HTTP basic authentication as follows:
    1. Under <processing name="UDDIv1v2v3PublishingProcessing"/>, uncomment <use ref="tns:HttpBasicInterceptor"/>. This enables the HTTP Basic authentication for UDDI Publishing API v1, v2, v3.
    2. Under <processing name="UDDIv1v2v3InquiryProcessing">, add <use ref="tns:HttpBasicInterceptor"/>. This enables the HTTP Basic authentication for all three versions of the UDDI Inquiry API.
    3. Under <processing name="wsdl2uddiProcessing">, add <use ref="tns:HttpBasicInterceptor"/>. This enables the HTTP Basic authentication for versions 2 and 3 of the WSDL2UDDI API.
    4. Add the attribute accepting-security-providers="HttpBasic" to all service-endpoints you wish to access via HTTP Basic authentication.

      5. A fragment of the package.xml is shown in Listing 13-1

  2. Shutdown BEA AquaLogic Service Registry, delete the REGISTRY_HOME/work directory, and restart the registry.
    3. Listing 13-1 package.xml - HTTP Basic Enabled 
    .....
        <service-endpoint path="/inquiry" version="3.0" name="UDDIInquiryV3Endpoint" 
            service-instance="tns:UDDIInquiryV3" processing="tns:UDDIv1v2v3InquiryProcessing"
              accepting-security-providers="HttpBasic">
            <wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Inquiry_SoapService"/>
            <envelopePrefix xmlns="arbitraryNamespace" value=""/>
            <namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
        </service-endpoint>
        <service-instance 
            implementation-class="com.systinet.uddi.publishing.v3.PublishingApiImpl" 
            name="UDDIPublishingV3"/>
        <service-endpoint path="/publishing" version="3.0" name="UDDIPublishingV3Endpoint" 
            service-instance="tns:UDDIPublishingV3" 
            processing="tns:UDDIv1v2v3PublishingProcessing" 
            accepting-security-providers="HttpBasic">
            <wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Publication_SoapService"/>
            <envelopePrefix xmlns="arbitraryNamespace" value=""/>
            <namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
        </service-endpoint>
        <processing name="UDDIv3Processing">
          <use ref="uddiclient_v3:UDDIClientProcessing"/>
          <fault-serialization name="MessageTooLargeFaultSerializer" 
          serializer-class="com.systinet.uddi.publishing.v3.serialization.MessageTooLargeFaultSerializer" 
          serialized-exception-class="com.systinet.uddi.interceptor.wasp.MessageTooLargeException"/>
        </processing>
        <processing name="UDDIv1v2v3PublishingProcessing">
         <use ref="uddiclient_v3:UDDIClientProcessing"/>
         <use ref="uddiclient_v2:UDDIClientProcessing"/>
         <use ref="uddiclient_v1:UDDIClientProcessing"/>
         <!-- HttpBasic (without authtoken)         --> 
         <use ref="tns:HttpBasicInterceptor"/>        
        <interceptor name="MessageSizeCheckerInterceptor" 
           implementation-class="com.systinet.uddi.interceptor.wasp.MessageSizeCheckerInterceptor" 
           direction="in">
            <config:maxMessageSize>2097152</config:maxMessageSize>
            </interceptor>
        </processing>
        <processing name="UDDIv1v2v3InquiryProcessing">
            <use ref="tns:UDDIv3Processing"/>
            <use ref="tns:UDDIv2Processing"/>
            <use ref="tns:UDDIv1Processing"/>
            <use ref="tns:HttpBasicInterceptor"/>        
        </processing>
    .....

 

Netegrity SiteMinder

To allow Netegrity SiteMinder authentication:

  1. Modify REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml as follows:
    1. Under <processing name="UDDIv1v2v3PublishingProcessing"/>, add <use ref="tns:SiteMinderInterceptor"/>. This enables the SiteMinder authentication for all three versions of the UDDI Publishing API.
    2. Under <processing name="UDDIv1v2v3InquiryProcessing">, add <use ref="tns:SiteMinderInterceptor"/>. This enables the SiteMinder authentication for versions 1, 2, and 3 of the Inquiry API.
    3. Under <processing name="wsdl2uddiProcessing">, add <use ref="tns:SiteMinderInterceptor"/>. This enables the SiteMinder authentication for versions 2 and 3 of the WSDL2UDDI API.
    4. Add the attribute accepting-security-providers="Siteminder" to all service-endpoints you wish to access via Netegrity SiteMinder authentication.
    5. Under the elements <securityProviderPreferences> and <interceptor name="SiteMinderInterceptor", fill in:

      6. - <loginNameHeader> - login name header

      - <groupHeader> - group header

      - <delimiter> - group name delimiter.

      Note: You must set the same element values to both <securityProviderPreferences> and <interceptor name="SiteMinderInterceptor" elements.

      A fragment of the package.xml is shown in Listing 13-2

  2. Shutdown BEA AquaLogic Service Registry, delete the REGISTRY_HOME/work directory, and restart the registry.
    3. Listing 13-2 Example 3. package.xml - Netegrity SiteMinder Enabled 
    .....
      <!-- Netegrity SiteMinded security provider preferences for the server side -->
        <securityProviderPreferences xmlns="http://systinet.com/wasp/package/extension" 
           name="Siteminder">
            <loginNameHeader>sm-userdn</loginNameHeader>
            <groupHeader>sm-role</groupHeader>
            <delimiter>^</delimiter>
        </securityProviderPreferences>
        <!-- Netegrity SiteMinded interceptor-->
        <interceptor name="SiteMinderInterceptor" 
             implementation-class="com.systinet.uddi.security.siteminder.SmInterceptor" >
            <config:loginNameHeader>sm-userdn</config:loginNameHeader>
            <config:groupHeader>sm-role</config:groupHeader>
            <config:delimiter>^</config:delimiter>
        </interceptor>
    .....

 

Consoles Configuration

In this section, we will show you how to configure authentication for both Registry Console and Business Service Console. The configuration of consoles is very similar to the configuration of other endpoints.

Note: Referring to jar packages:
The file path REGISTRY_HOME/app/uddi/web.jar/WASP-INF/package.xml means the /WASP-INF/package.xml inside the JAR package REGISTRY_HOME/app/uddi/web.jar.

For the Registry Console, modify the file REGISTRY_HOME/app/uddi/web.jar/WASP-INF/package.xml with the following:

Listing 13-3 
<service-endpoint path="/web" name="WebUIEndpoint1" 
     service-instance="tns:WebUI" type="raw" other-methods="get" 
     accepting-security-providers="HttpBasic"/>
<service-endpoint path="/web/*" name="WebUIEndpoint2" 
     service-instance="tns:WebUI" type="raw" other-methods="get" 
     accepting-security-providers="HttpBasic"/>

If you want to set Netegrity SiteMinder provider, use accepting-security-providers="Siteminder"

For the Business Service Console do the same in the file REGISTRY_HOME/app/uddi/bsc.jar/WASP-INF/package.xml

We just set authentication providers for both HTTP and HTTPS protocols. Now, we must specify which protocol consoles will be using for user authentication. The default registry configuration is to use HTTP for browsing and searching. HTTPS is used for publishing. To avoid displaying the login dialog twice, (for the first time when accessing via HTTP then the second time when accessing via HTTPS), modify the configuration to use only one protocol.

For the Registry Console, modify url and secureUrl elements in the file REGISTRY_HOME/app/uddi/conf/web.xml to have the same value:

Listing 13-4 
<url>https://servername:8443</url>
<secureUrl>https://servername:8443</secureUrl>

For the Business Service Console, make the same change in the REGISTRY_HOME/app/uddi/bsc.jar/conf/web.xml file.


  Back to Top       Previous  Next