
LOGIN SCENARIO MATRIX

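| Scenarios ↓ / Requirements → | Same configuration for: Cell | Same configuration for: LTPA | Same configuration for: User registry (3) | Identity assertion: sending (5) | Identity assertion: target (6) | Security attribute propagation: sending (5) | Security attribute propagation: target (6) | Custom Outbound mapping (sending) | Trusted servers (target) | Trusted target realms (sending) | Needs password (8) | Needs custom login module: sending | Needs custom login module: target | Needs application code: sending | Needs application code: target |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Identity propagation (Default) | +(1) | + | + | − | − | − | − | − | − | − | − | − | − | − | − |
| Identity assertion | | | | | | | | | | | | | | | |
| Identity assertion (simple) | − | − | + | + | + | − | − | − | +(2) | − | − | − | − | − | − |
| Identity assertion with trust validation | − | − | + | + | + | − | − | − | +(2) | − | − | +(9) | − | + | − |
| Server-side Identity assertion | n.a. | n.a. | n.a. | − | − | − | − | − | − | − | − | − | +(9) | − | + |
| Identity mapping | | | | | | | | | | | | | | | |
| Outbound identity mapping from application code | − | − | −(7) | − | − | − | − | − | − | − | + | +(10) | − | + | − |
| Outbound identity mapping using custom login module | − | − | −(7) | − | − | − | − | +(4) | − | − | + | + | − | − | − |
| Inbound identity mapping | − | + | −(7) | − | − | − | − | − | − | − | − | − | + | − | − |
| Attribute propagation | | | | | | | | | | | | | | | |
| Security attribute propagation | −(11) | −(11) | −(11) | − | − | + | + | − | − | +(11) | n.a. | − | − | + | + |
| Custom token propagation | −(12) | −(12) | −(12) | − | − | − | − | − | − | − | n.a. | + | + | − | − |
| Custom token object propagation | −(12) | −(12) | −(12) | − | − | − | − | − | − | − | n.a. | + | + | − | − |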

(1) When application servers are using the same LTPA keys and the same User registry, they are probably in the same cell.
(2) Sending server's ID or a list of those
(3) User registry; in WebSphere's case it is also the realm
(4) Note that Custom outbound mapping is enabled by default when Security attribute propagation is enabled
(5) CSIv2 outbound authentication
(6) CSIv2 inbound authentication
(7) The point of mapping is to map between different User registries
(8) The scenario requires the presence of the user's password sometime during the login process
(9) New application login configuration, develop a new custom login module
(10) Only login configuration, no development
(11) It is not required to share LTPA keys and use the same realm (in that case the Trusted target realms have to be set); it works both ways.
(12) It is not required to share LTPA keys and use the same realm; it works both ways.
n.a. - not applicable
