JASPI authentication providers collection

The Java™ Authentication Service Provider Interface (JASPI) for Containers Version 1.1 specification defines standard system programming interfaces that enable developers to write a pluggable custom authentication provider that can handle Java EE web authentication mechanisms as well as any extended authentication processing. The WebSphere® Application Server runtime uses these standard system programming interfaces to invoke the JASPI authentication provider.

Read the Servlet Container Profile section in the JSR 196: Java Authentication Service Provider Interface for Containers specification for the requirements that third-party authentication providers must satisfy for more information.

If application security is enabled, and JASPI authentication is enabled with providers configured, when a web resource (such as a servlet or a JavaServer Page (JSP) file) is accessed, the security runtime checks if the web resource is mapped to a JASPI provider defined in the security configuration. If so, the runtime invokes the JASPI authentication provider to perform authentication for the HTTP request and response messages.

Note: WebSphere Application Server only supports the HttpServlet message layer profile as defined in the JASPI specification.

To view this administrative console page, click Security > Global security. Under Authentication, click Providers.

To configure a new custom JASPI authentication provider in the cell or in the given security domain, click New and specify provider settings.