About Identity Management Tools
Identity Management tools provide security and identity support for the Java Platform, Enterprise Edition (Java EE) modules in the NetBeans IDE. This includes support for developing interoperable web services using WS-I BSP (Basic Security Profile) token profiles. In this release, the following token profiles are supported:
- UserNameToken. Securing the web service is accomplished using a user name and password, and optionally signing the request. In this profile, a web service consumer can supply a UserNameToken as a means of identifying the requester by "username" and optionally using a password (or shared secret, or password equivalent) to authenticate that identity to the web service provider.
- X509Token. Securing the web service is accomplished using PKI (public key infrastructure), in which the web service consumer and the web service provider trust each other's public keys or have a common trusted certificate authority. In this profile, a web service consumer supplies its public key as a means of identifying the requester and authenticating itself to the web service provider.
- SAML-HolderOfKey. Securing the web service is accomplished using SAML (Security Assertion Markup Language) with the holder-of-key confirmation method. In this profile, a web service consumer supplies a SAML assertion whose confirmation method is holder-of-key as a means of identifying the requester and authenticating itself to the web service provider.
- SAML-SenderVouches. Securing the web service is accomplished using SAML with sender-vouches as the confirmation method. In this profile, a web service consumer supplies a SAML assertion whose confirmation method is sender-vouches, asserting that it is acting on behalf of the subject of the SAML subject statement, as a means of identifying the requester and authenticating itself to the web service provider.
- LibertyX509Token. Securing the web service is accomplished using Web Service Security X.509 Certificate Token Profile (X509Token described above), but using Liberty-defined processing rules.
- LibertyBearerToken. Securing the web service is accomplished using Web Service Security SAML Token Profile (SAML-HolderOfKey described above), but using Liberty-defined processing rules.
- LibertySAMLToken. Securing the web service is accomplished using Web Service Security SAML Token Profile (SAML-SenderVouches described above), but using Liberty-defined processing rules.
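As an added illustration (not code from NetBeans or Access Manager), the sketch below shows how the four base profiles differ on the wire and how a provider-side check can reject a message whose token does not match the profile it requires. It assumes the OASIS WS-Security 1.0 and SAML 1.1 identifiers, which the page does not name; the sample headers are constructed, and the check classifies tokens only, it does not verify signatures.

```python
import xml.etree.ElementTree as ET

# Identifiers from OASIS WS-Security 1.0 and SAML 1.1 (assumed versions; the page names none).
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
CONFIRMATION = {
    "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key": "SAML-HolderOfKey",
    "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches": "SAML-SenderVouches",
}

def classify(header_xml):
    """Map each token in a wsse:Security header to a profile name from the list above."""
    root = ET.fromstring(header_xml)
    if root.tag != f"{{{WSSE}}}Security":
        raise ValueError("not a wsse:Security header")
    profiles = []
    for el in root:
        if el.tag == f"{{{WSSE}}}UsernameToken":
            profiles.append("UserNameToken")
        elif el.tag == f"{{{WSSE}}}BinarySecurityToken":
            profiles.append("X509Token" if el.get("ValueType") == X509V3 else "unknown")
        elif el.tag == f"{{{SAML}}}Assertion":
            methods = {(m.text or "").strip() for m in el.iter(f"{{{SAML}}}ConfirmationMethod")}
            # Fail closed: mixed or unrecognised confirmation methods are not classified.
            name = CONFIRMATION.get(next(iter(methods)), "unknown") if len(methods) == 1 else "unknown"
            profiles.append(name)
    return profiles

def accepts(header_xml, required):
    """True only if the header carries exactly one token and it is the required profile."""
    return classify(header_xml) == [required]

def saml_header(method):
    """Constructed sample: a skeletal SAML 1.1 assertion inside a Security header."""
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:saml="{SAML}"><saml:Assertion>'
            '<saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:ConfirmationMethod>{method}</saml:ConfirmationMethod>'
            '</saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement>'
            '</saml:Assertion></wsse:Security>')

# Constructed sample headers (no signatures or real credentials).
USERNAME = (f'<wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>'
            '<wsse:Username>alice</wsse:Username></wsse:UsernameToken></wsse:Security>')
X509 = (f'<wsse:Security xmlns:wsse="{WSSE}">'
        f'<wsse:BinarySecurityToken ValueType="{X509V3}">AAAA</wsse:BinarySecurityToken></wsse:Security>')
HOK = saml_header("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key")
SV = saml_header("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches")
```

A provider that requires holder-of-key should treat a sender-vouches assertion as a mismatch rather than a weaker equivalent, which is what `accepts(SV, "SAML-HolderOfKey")` returning `False` demonstrates.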
You can enable message-level security for web service clients:
You can enable message-level security for web service providers:
When you enable message-level security for web service providers and clients, the security is enabled when you deploy to your application server. At deployment, the application server communicates with the Access Manager server instance you select during the configuration of the message-level security.
If you enable message-level security for web service clients and providers, you must also configure a security mechanism for the Sun Java System Access Manager server instance associated with your web service clients and providers. For an overview of server instance tasks, see Working with Sun Java System Access Manager Instances.
See Also
- Configuring EJB Deployment Descriptors
- Configuring Web Application Deployment Descriptors
- About the Web Service Attributes Editor
- Using a Custom Keystore for the Liberty Token Profile