Authentication on Liberty application client container
The authentication requirements on the client are the same as on the server, but some of the mechanisms used to authenticate on the client differ from those on the server.
Authentication is required on the client when accessing a protected
resource on the server. Follow one of these methods to provide the
authentication information:
- Specify a user and password in the client.xml file: The credentials are sent to the server using the CSIv2 protocol. It is recommended that you encrypt or encode the password. For further details, see Configuring the outbound CSIv2 authentication layer in Liberty application client container.
- Client certificate authentication: The client presents a certificate to the server, which authenticates it and maps it to a user in the registry for authorization checks. To configure the server, see Configuring inbound CSIv2 transport layer. To configure the client, see Configuring the outbound CSIv2 transport layer in Liberty application client container.
- Perform a programmatic login: Programmatic login is a type of form login that supports application presentation login forms for authentication. This approach requires the application developer to collect the user's credentials and authenticate that user. For further details, see Configuring a JAAS programmatic login on Liberty application client container.
As on the server, you can use a custom login module either to make additional authentication decisions or to add information to the subject so that your client application can make finer-grained authorization decisions. For further details, see Configuring a JAAS custom login module for Liberty application client container.