Configuring the client authentication

To configure client authentication between the authentication client and the authentication server, it is recommended that you enable WebSphere® application security.

Before you begin

After WebSphere application security is enabled, you can add the role called TrustClientRole to the WebSphere administrator user that you specified during Control Desk installation. This provides added security for the authentication service by restricting the users that can authenticate to the authentication service to only those with the TrustClientRole.

To add the TrustClientRole to the WebSphere administrator specified during the product installation, complete the following steps:

Procedure

  1. Log in to the WebSphere Administration Console.
  2. Under the Security tab, click Enterprise Applications. The Enterprise Applications pane is displayed.
  3. In the Enterprise Applications table, click on the Authentication Service application (authnsvc_ctges) in the Name column. The Enterprise Applications > authnsvc_ctges pane is displayed.
  4. In the Enterprise Applications > authnsvc_ctges pane, in the Detailed Properties list, click the Security role to user/group mapping link. The Enterprise Applications > authnsvc_ctges > Security role to user/group mapping pane is displayed.
  5. In the table on the Enterprise Applications > authnsvc_ctges > Security role to user/group mapping pane, complete the following steps:
    • In the table, select the checkbox next to TrustClientRole.
    • Clear the Everyone check box.
    • Click the Lookup Users or Lookup Groups button. The Enterprise Applications > authnsvc_ctges > Security role to user/group mapping > Lookup users or groups pane is displayed.
    • In the Enterprise Applications > authnsvc_ctges > Security role to user/group mapping > Lookup users or groups pane, complete the following steps:
      • Search for users or groups, using the Limit and Search string input boxes. When a group or user is found, it is displayed in the Available list.
      • From the Available list, select the desired user or group.
      • Click on the >> button to add that user or group to the Selected list.
    • Click OK. The Enterprise Applications > authnsvc_ctges > Security role to user/group mapping pane is displayed.
    • In the Enterprise Applications > authnsvc_ctges > Security role to user/group mapping pane, clear the Everyone check box.
    • Click OK. The Enterprise Applications > authnsvc_ctges pane is displayed.
    • Click Save to save the configuration. The Enterprise Applications pane is displayed.
    • Click OK. The Enterprise Applications > authnsvc_ctges pane is displayed.
Parent topic: Configuring for single sign-on

Feedback