You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the STSManagement group can be used to manage and query Trust service token provider configurations and endpoint configurations.
The STSManagement command group contains commands that allow you to configure existing token providers, assign token providers to endpoints, and modify general trust service configuration data. The commands in this group that perform configuration changes require that you execute the save command to commit the changes. No configuration changes are made if an exception is raised when executing a command.
The querySTSDefaultTokenType command is used to determine the local name of the default token provider.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns the local name of the default token provider.
Batch mode example usage
AdminTask.querySTSDefaultTokenType()
Interactive mode example usage
AdminTask.querySTSDefaultTokenType('[-interactive]')
The listSTSConfiguredTokenTypes command is used to list the local names of all configured token providers.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns the local names of all configured token providers.
Batch mode example usage
AdminTask.listSTSConfiguredTokenTypes()
Interactive mode example usage
AdminTask.listSTSConfiguredTokenTypes('[-interactive]')
The setSTSDefaultTokenType command is used to set the default token provider for the trust service.
Target object
Specify the LocalName object of the token provider as default.
Required parameters
None
Optional parameters
None
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.setSTSDefaultTokenType('TokenType2')
Interactive mode example usage
AdminTask.setSTSDefaultTokenType('[-interactive]')
The querySTSTokenTypeConfigurationDefaultProperties command is used to query the trust service for the non-custom properties of a token provider.
Target object
Specify the LocalName object of the token provider to query.
Required parameters
None
Optional parameters
None
Return value
The command returns a java.util.Properties instance which contains the values of the non-custom properties. Non-custom properties include URI, HandlerFactory, lifetimeMinutes, distributedCache, postdatable, renewableAfterExpiration, and renewalWindowMinutes.
Batch mode example usage
AdminTask.querySTSTokenTypeConfigurationDefaultProperties('TokenType2')
Interactive mode example usage
AdminTask.querySTSTokenTypeConfigurationDefaultProperties('[-interactive]')
The querySTSTokenTypeConfigurationCustomProperties command is used to query the trust service for the custom properties of a token provider.
Target object
Specify the LocalName object of the token provider of interest.
Required parameters
None
Optional parameters
None
Return value
The command returns a java.util.Properties instance containing the values of the custom properties.
Batch mode example usage
AdminTask.querySTSTokenTypeConfigurationCustomProperties('TokenType2')
Interactive mode example usage
AdminTask.querySTSTokenTypeConfigurationCustomProperties('[-interactive]')
The updateSTSTokenTypeConfiguration command is used to update configuration data for a token provider. All parameters are optional. The parameters that are specified are updated in the configuration if the property already exists. If the property does not exist, it is added to the configuration. To remove custom properties, use the deleteSTSTokenTypeConfigurationCustomProperties command.
Target object
Specify the LocalName object of the token provider of interest.
Required parameters
None
Optional parameters
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.updateSTSTokenTypeConfiguration('myTokenType','-lifetimeMinutes 100 -renewableAfterExpiration false -distributedCache true')
Interactive mode example usage
AdminTask.updateSTSTokenTypeConfiguration('[-interactive]')
The deleteSTSTokenTypeConfigurationCustomProperties command is used to remove custom properties from a token provider configuration.
Target object
Specify the LocalName object of the token provider of interest.
Required parameters
None
Optional parameters
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.deleteSTSTokenTypeConfigurationCustomProperties('myTokenType','-propertyNames com.ibm.ws.security.webChallengeIfCustomSubjectNotFound com.ibm.ws.security.defaultLoginConfig')
Interactive mode example usage
AdminTask.deleteSTSTokenTypeConfigurationCustomProperties('[-interactive]')
The assignSTSEndpointTokenType command is used to assign the token provider that is used when a specific endpoint is accessed.
Target object
Specify the endpointURI object of the endpoint to assign a given token provider. If the specified endpoint has already been assigned a token provider, you will receive an error message.
Required parameters
None
Optional parameters
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.assignSTSEndpointTokenType('www.ibm.tokenservice/Ecommerce/','-LocalName tokenType1')
Interactive mode example usage
AdminTask.assignSTSEndpointTokenType('[-interactive]')
The listSTSAssignedEndpoints command is used to list the URIs of assigned endpoints.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns the URIs of all assigned endpoints.
Batch mode example usage
AdminTask.listSTSAssignedEndpoints()
Interactive mode example usage
AdminTask.listSTSAssignedEndpoints('[-interactive]')
The listSTSEndpointTokenTypes command is used to query the Trust Service for the token provider assigned to a specific endpoint.
Target object
Specify the endpointURI object of the endpoint to query. An exception is raised if the specified endpoint has not been assigned a token provider.
Required parameters
None
Optional parameters
None
Return value
The command returns the local name of the token provider assigned to the specified endpoint.
Batch mode example usage
AdminTask.listSTSEndpointTokenTypes('www.ibm.tokenservice/Ecommerce/')
Interactive mode example usage
AdminTask.listSTSEndpointTokenTypes('[-interactive]')
The updateSTSEndpointTokenType command is used to assign a different token provider to a specified endpoint.
Target object
Specify the endpointURI object of the endpoint to update. An exception is raised if the specified endpoint has not been assigned a token provider.
Required parameters
Optional parameters
None
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.updateSTSEndpointTokenType('www.ibm.tokenservice/Ecommerce/','-LocalName tokenType2')
Interactive mode example usage
AdminTask.updateSTSEndpointTokenType('[-interactive]')
The unassignSTSEndpointTokenType command is used to unassign an endpoint from its token provider.
Target object
Specify the endpointURI object of the endpoint to unassign from a given token provider. An exception is raised if the specified endpoint has not been assigned a token provider.
Required parameters
Optional parameters
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.unassignSTSEndpointTokenType('www.ibm.tokenservice/Ecommerce/','-LocalName tokenType2')
Interactive mode example usage
AdminTask.unassignSTSEndpointTokenType('[-interactive]')
The listSTSProperties command lists all existing properties and their corresponding values for the trust service.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns a java.util.Properties instance that contains the names and values of the properties.
Batch mode example usage
AdminTask.listSTSProperties()
Interactive mode example usage
AdminTask.listSTSProperties('[-interactive]')
The addSTSProperty command adds a new property for the trust service.
Target object
Specify a unique name for the new property (string, required).
Required parameters
Optional parameters
None
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.addSTSProperty('pluginSCTVersion', '-propertyValue 2.0')
Interactive mode example usage
AdminTask.addSTSProperty('[-interactive]')
The editSTSProperty command modifies an existing property for the trust service.
Target object
Specify the name of the property to edit. (String, required)
Required parameters
Optional parameters
None
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.editSTSProperty('pluginSCTVersion', '-propertyValue 2.1')
Interactive mode example usage
AdminTask.editSTSProperty('[-interactive]')
The deleteSTSProperty command deletes an existing property from the trust service.
Target object
Specify the name of the property to delete.
Required parameters
None
Optional parameters
None
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.deleteSTSProperty('pluginSCTVersion')
Interactive mode example usage
AdminTask.deleteSTSProperty('[-interactive]')
The refreshSTS command refreshes your trust service configuration changes without restarting the application server.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns a success or failure message.
Batch mode example usage
AdminTask.refreshSTS()
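Added example, not part of the original reference or IBM code: a Jython helper that ties together the update, save, and refreshSTS steps described above, so that a batch of token provider updates is either committed and refreshed as a whole or discarded. The function name apply_sts_changes and its parameters are hypothetical; it assumes a wsadmin session started with -lang jython, where the AdminTask and AdminConfig objects are predefined.

```python
# Added example: intended for wsadmin with -lang jython.
# apply_sts_changes and its argument names are hypothetical, not IBM code.

def apply_sts_changes(admin_task, admin_config, changes):
    """Apply token provider updates as one unit.

    changes: list of (local_name, option_string) pairs, for example
             ('myTokenType', '-lifetimeMinutes 100').
    Returns the list of local names that were updated. If any update
    raises, unsaved workspace changes are discarded and the exception
    propagates to the caller.
    """
    updated = []
    try:
        for local_name, options in changes:
            admin_task.updateSTSTokenTypeConfiguration(local_name, options)
            updated.append(local_name)
    except:
        # Bare except so Java exceptions raised by wsadmin are caught too.
        # reset() discards every unsaved change in this session, so a later
        # save cannot commit a half-applied batch.
        admin_config.reset()
        raise
    if updated:
        admin_config.save()      # commit, as this command group requires
        admin_task.refreshSTS()  # load the new values without a restart
    return updated


# Inside wsadmin:
# apply_sts_changes(AdminTask, AdminConfig, [
#     ('myTokenType', '-lifetimeMinutes 100 -renewableAfterExpiration false'),
# ])
```

Because AdminConfig.reset() discards all unsaved changes in the session, run the helper in a session that holds no other pending edits.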