The following WebSphere Security APIs and SPIs are not available on Liberty:
com.ibm.websphere.crypto.KeyGeneratorcom.ibm.websphere.crypto.KeyPaircom.ibm.websphere.crypto.KeyPairGeneratorcom.ibm.websphere.crypto.KeySetHelpercom.ibm.websphere.security.auth.WSPrincipalcom.ibm.websphere.security.auth.IdentityPrincipalcom.ibm.websphere.security.auth.MappingAuthDatacom.ibm.websphere.security.auth.AuthenticationFailedExceptioncom.ibm.websphere.security.auth.AuthenticationNotSupportedExceptioncom.ibm.websphere.security.auth.MapCredentialFailedExceptioncom.ibm.websphere.security.auth.MapCredentialNotSupportedExceptioncom.ibm.websphere.security.auth.UnsupportedRealmExceptioncom.ibm.websphere.security.auth.ValidationFailedExceptioncom.ibm.websphere.security.auth.ValidationNotSupportedExceptioncom.ibm.websphere.security.auth.callback.NonPromptCallbackHandlercom.ibm.websphere.security.auth.callback.WSCcacheCallBackHandlerImplcom.ibm.websphere.security.auth.callback.WSGUICallbackHandlerImplcom.ibm.websphere.security.auth.callback.WSStdinCallbackHandlerImplcom.ibm.websphere.security.DistributedUserMappingFailedExceptioncom.ibm.websphere.security.oidc.utilcom.ibm.websphere.security.ProviderFailureExceptioncom.ibm.websphere.security.SAFRoleMappercom.ibm.websphere.security.TrustAssociationInterceptorcom.ibm.websphere.security.UserMappingcom.ibm.websphere.security.UserMappingExceptioncom.ibm.websphere.security.WebSphereBaseTrustAssociationInterceptorcom.ibm.websphere.ssl.protocol
Note: Although there is no direct replacement, the recommended approach for secure socket connections is to acquire the SSLContext via the JSSEHelper.
For migrations and ssl troubleshooting, please read the security documentation.
com.ibm.ws.security.core.SecurityContextcom.ibm.ws.security.util.LoginHelpercom.ibm.ws.security.util.ByteArraycom.ibm.wsspi.security.auditcom.ibm.wsspi.security.auth.callback.WSIdentityCallbackcom.ibm.wsspi.security.auth.callback.WSMappingCallbackHandlerFactorycom.ibm.wsspi.security.auth.callback.WSProtocolPolicyCallbackcom.ibm.wsspi.security.auth.callback.WSTokenHolderCallbackcom.ibm.wsspi.security.auth.WSSubjectWrappercom.ibm.wsspi.security.authorizationcom.ibm.wsspi.security.contextcom.ibm.wsspi.security.crypto.aes
Note: There is no direct replacement, but the CustomPasswordEncryption is a close alternative.
com.ibm.wsspi.security.csiv2com.ibm.wsspi.security.ltpacom.ibm.wsspi.security.policycom.ibm.wsspi.security.securitydomain
Note: Liberty does not support security domains. If separate security domains are required, please create separate liberty servers.
com.ibm.wsspi.security.spnego
Note: SPENGO can be enabled via the 'spnego-1.0 ' feature. If filtering is required, the recommended approach is to use an 'Authentication Filter' (authFilter).
com.ibm.wsspi.security.tai.NegotiateTrustAssociationInterceptorcom.ibm.wsspi.security.tai.NegotiateTrustAssociationInterceptorImplcom.ibm.wsspi.security.tai.TrustAssociationInterceptorExtcom.ibm.wsspi.security.token.AuthenticationTokencom.ibm.wsspi.security.token.AuthorizationTokencom.ibm.wsspi.security.token.KerberosTokencom.ibm.wsspi.security.token.PropagationTokencom.ibm.wsspi.security.token.TokenHoldercom.ibm.wsspi.security.token.WSOpaqueTokenHelpercom.ibm.wsspi.security.web.samlcom.ibm.wsspi.ssl.RetrieveSignersHelpercom.ibm.wsspi.ssl.WSPKIClientcom.ibm.IExtendedSecurityYou must modify the application so that it can run on Liberty.
This rule is flagged once per Java class.
For information about other APIs and SPIs that are not supported on Liberty, see Some APIs and SPIs are not available on Liberty.