The reference implementation uses a property file that contains information used to lock the authentication service. A SPA client reads a sealed client-principal file and then sends the file when it communicates with the authentication service. The authentication service validates the seal by using the domain password, and then validates the role of the client-principal to see if it matches.

A default property file spaservice.properties is provided in $DLC\src\samples\security. You must copy this property file to your working directory $WRKDIR.

The property file contains these default values:

The default client-principal file spadefault.cp located in your installation directory at $DLC\src\samples\security, uses a password that corresponds to the encoded "Password" value in the table, and the role "SpaClient". For information on generating your own client-principal file using the genspacp utility, see Generating a sealed client-principal file.