Typically, TAI will verify the user's password using the UserRegistry, obtain the user's groups, and other information. In case where  the user has already been authenticated by some external authentication system other than WebSphere Application Server,is  it possible to inform WebSphere Application Liberty Server of the user's identity information rather than requiring look up in the LDAP or any ID management system again?  basically, can we leave Liberty/WAS without having  any LDAP or custom user registry or ID management  configuration and solely dependent on the information (userid, groupid/roleid) passed to it via header or a cookie? 

Hi, this old yet valid article provides a great number of information regarding websphere authentication mechanism.

Advanced authentication in WebSphere Application Server

Specifically we used the TAI system paired to the hashtable JAAS adapter to obtain what you ask.

Beware this has limits (it doesn't implement or support the WIM semantic of federated registries).

It's important you understand that any group operation on users logged in through this system just won't work.

Daniele Vistalli

CEO & CTO @ Factor-y S.r.l.