Unless clients are authenticated, access to grid data and
JMX management operations that control the grid are left unprotected.
This is true even if SSL is enabled in the OSGi framework.
About this task
The authentication behavior that is required by eXtreme Scale clients is determined
by the credentialAuthentication=required setting
in the server.properties file, the KeyStoreLogin setting
in the og_jaas.config JAAS configuration file,
and the KeyStoreLoginAuthenticator setting in
the security.xml file. Use one of the following
methods to authenticate clients.
Procedure
- Reference a security descriptor XML file in each catalog server
using the -DclusterSecurityFile="path_name" JVM argument.
Use this JVM argument on the OSGi command line when you start the
catalog server.
To enable security, this file must have securityEnabled="true" in the
security element. The security descriptor XML file must also contain
a descriptor of the authenticator that you want to use. WebSphere eXtreme Scale
includes the LDAPAuthenticator, the KeyStoreLoginAuthenticator, and the
WSTokenAuthenticator.
You cannot use the WSTokenAuthenticator authenticator in stand-alone
environments. You can only use this authenticator
when eXtreme Scale clients
and servers are both running with WebSphere Application Server. Alternatively, you
can develop custom authenticators and login modules, according to
the interfaces described in the API documentation.
- Reference a JAAS configuration file in each catalog and
container server using the
-Djava.security.auth.login.config="path_name" JVM argument.
- Configure the client to pass the credentials that are required
for authentication.
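
The three settings named under "About this task" must agree before clients are actually required to authenticate. The following check is an added example, not code from the product or its documentation. The sample file contents are constructed, and the XML namespace, the authenticator element with its className attribute, the login module class name and the keyStoreFile option are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs; element, attribute and class names are assumptions
# based on the settings named above, not copied from a product installation.
SERVER_PROPERTIES = "credentialAuthentication=required\n"
SECURITY_XML = """<securityConfig xmlns="http://ibm.com/ws/objectgrid/config/security">
  <security securityEnabled="true">
    <authenticator className="com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginAuthenticator"/>
  </security>
</securityConfig>"""
JAAS_CONFIG = """KeyStoreLogin {
  com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginModule required
    keyStoreFile="/path/to/keystore.jks";
};"""

def _local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def audit(server_props, security_xml, jaas_config):
    """Return a list of findings; an empty list means the three files agree."""
    findings = []
    props = dict(
        (k.strip(), v.strip())
        for k, _, v in (line.partition("=") for line in server_props.splitlines())
        if k.strip() and not k.lstrip().startswith("#")
    )
    if props.get("credentialAuthentication", "").lower() != "required":
        findings.append("server.properties: credentialAuthentication is not required")
    try:
        root = ET.fromstring(security_xml)
    except ET.ParseError:
        # Typographic quotes pasted from documentation make the file unparseable.
        return findings + ["security.xml: not well-formed XML"]
    sec = next((e for e in root.iter() if _local(e.tag) == "security"), None)
    if sec is None or sec.get("securityEnabled", "").lower() != "true":
        findings.append('security.xml: securityEnabled is not "true"')
    auth = next((e for e in root.iter() if _local(e.tag) == "authenticator"), None)
    cls = auth.get("className", "") if auth is not None else ""
    if not cls:
        findings.append("security.xml: no authenticator descriptor")
    elif cls.endswith("KeyStoreLoginAuthenticator") and not re.search(
            r"^\s*KeyStoreLogin\s*\{", jaas_config, re.M):
        findings.append("og_jaas.config: no KeyStoreLogin entry")
    return findings

if __name__ == "__main__":
    print(audit(SERVER_PROPERTIES, SECURITY_XML, JAAS_CONFIG) or "consistent")
```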