...

The WAS security runtime supports a notion of a security session based on a specific security token, the LTPA Token, which is implemented as an HTTP cookie. The lifetime of this cookie is configured at the WAS administrative Cell level, so it cannot be set per application, let alone per request, according to the requirements of a given application.
Once the LTPA Token has been issued at login, the TAI is no longer involved in subsequent requests. A Web Application level component must therefore intercept each request, check the lifetime of the security token (e.g. the SAML token) and, when it has expired, redirect the browser back to the IdP for re-authentication.

...

The Fediz WebSphere plugin ships a Java Servlet Filter which enforces the lifetime of the security token. This Servlet Filter must be configured in each Web Application module deployed on WAS.
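The following Servlet Filter is an added illustration of the mechanism described in the two paragraphs above; it is not the filter shipped by the Fediz project. It assumes that the login path (the TAI, in this architecture) has stored the SAML token's expiry instant (NotOnOrAfter) in the HTTP session under a hypothetical attribute name, securityTokenExpiry, as a java.time.Instant. The class name and the web.xml fragment in the comment are likewise assumptions. On expiry it invalidates the session, expires the WebSphere SSO cookies (LtpaToken / LtpaToken2) in the browser, which the cell-wide LTPA lifetime would otherwise keep valid, and redirects the browser to the URL it requested, so that the TAI runs again and sends it to the IdP:

```java
package example;

import java.io.IOException;
import java.time.Instant;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Illustrative token-lifetime filter (added example, not the Fediz project's filter).
 * Assumes the login code stored the SAML token's NotOnOrAfter instant in the HTTP
 * session under the hypothetical attribute "securityTokenExpiry" as a java.time.Instant.
 *
 * web.xml fragment, required in every Web Application module (names are assumed):
 *   <filter>
 *     <filter-name>TokenLifetimeFilter</filter-name>
 *     <filter-class>example.TokenLifetimeFilter</filter-class>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>TokenLifetimeFilter</filter-name>
 *     <url-pattern>/*</url-pattern>
 *   </filter-mapping>
 */
public class TokenLifetimeFilter implements Filter {

    /** Hypothetical session attribute holding the token expiry as an Instant. */
    static final String EXPIRY_ATTR = "securityTokenExpiry";

    /** WebSphere single sign-on cookie names that carry the LTPA token. */
    private static final String[] LTPA_COOKIES = {"LtpaToken", "LtpaToken2"};

    @Override
    public void init(FilterConfig config) throws ServletException {
        // No configuration is needed for this example.
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        HttpSession session = request.getSession(false);
        Instant expiry = session == null ? null : (Instant) session.getAttribute(EXPIRY_ATTR);

        // No expiry recorded: the request is either not yet authenticated (the TAI
        // handles that on the way in) or the session was not created by the federated
        // login. Let container security decide.
        if (expiry == null || !isExpired(expiry, Instant.now())) {
            chain.doFilter(req, resp);
            return;
        }

        // The token lifetime is over although the cell-wide LTPA cookie may still be
        // valid: drop the local session, expire the SSO cookies in the browser and
        // send it back to the protected URL. Without a usable LTPA token the TAI runs
        // again on that request and redirects the browser to the IdP.
        session.invalidate();
        for (String name : LTPA_COOKIES) {
            Cookie expired = new Cookie(name, "");
            expired.setPath("/");
            expired.setMaxAge(0);
            expired.setSecure(request.isSecure());
            expired.setHttpOnly(true);
            response.addCookie(expired);
        }
        response.setHeader("Cache-Control", "no-store");
        response.sendRedirect(originalUrl(request));
    }

    /** NotOnOrAfter semantics: the token is invalid as soon as now is not before expiry. */
    static boolean isExpired(Instant expiry, Instant now) {
        return !now.isBefore(expiry);
    }

    /** Reconstructs the requested URL, including the query string, as the redirect target. */
    private static String originalUrl(HttpServletRequest request) {
        StringBuffer url = request.getRequestURL();
        if (request.getQueryString() != null) {
            url.append('?').append(request.getQueryString());
        }
        return url.toString();
    }

    @Override
    public void destroy() {
    }
}
```

Two caveats when adapting this: a browser only discards a cookie if the expiring Set-Cookie matches the original domain and path, so if the cell's SSO configuration sets a cookie domain, the replacement cookies must set the same domain (WebSphere also offers com.ibm.websphere.security.WSSecurityHelper.revokeSSOCookies(request, response) for this purpose); and the filter mapping must cover every protected URL in the module, since any unmapped path is served for as long as the cell-level LTPA lifetime allows.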

Build Fediz Websphere Library

You have to build the Fediz WebSphere plugin yourself, as it depends on IBM WebSphere libraries. Once built, the required libraries are found in plugins/websphere/target/...zip-with-dependencies.zip

Installation

...

Pre-Requisites

Administrative and Application security must be enabled for the WAS security layer to intercept access requests to secured resources. The local User Registry must be properly configured, and at least one user group must be declared in the registry before any application is installed.
At runtime, the WAS security layer uses the configured User/Group registry, and the Fediz plugin maps the roles carried in the SAML token to WAS groups from this registry using the configured Role to Group mapper.
At deployment time, the declared J2EE security roles must be mapped to these groups, either through the Administrative Console or through the WAS binding files.

Plugin Installation

The Fediz WebSphere plugin and its dependencies must be copied to the <WAS_INSTALL_ROOT>/lib/ext directory of WebSphere Application Server on each configured Node of the Cell (including the Deployment Manager).

The Fediz configuration file (e.g. fediz-config.xml) and the configured truststore should be copied to a directory readable by the WAS runtime user, on each configured Node of the Cell (including the Deployment Manager).
Note: Using a shared filesystem is recommended.

Fediz configuration

...

Federation Metadata document

...