Use this information to configure trusted identity (ID) evaluators.
This administrative console panel applies only to Java™ API for XML-based RPC (JAX-RPC) applications.
To view this administrative console page for trusted ID evaluators on the
server level, complete the following steps:
- Click server_name.
- Under Security, click JAX-WS and JAX-RPC security runtime.
  Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web services security.
- Under Additional properties, click Trusted ID evaluators.
- Click New to create a trusted ID evaluator or click the name of
an existing configuration to modify the settings.
![[Version 6 only]](../../v6plusapp.gif)
To view this administrative console page for trusted ID
evaluators on the application level, complete the following steps:
- Click application_name.
- Under Modules, click Manage modules > URI_name.
- Under Web Services Security Properties, click Web services: Server
security bindings.
- Under Request receiver binding, click Edit.
- Click Trusted ID evaluators.
- Click New to create a trusted ID evaluator or click Delete to
delete a trusted ID evaluator.
Important: Trusted ID evaluators are only required for the request receiver (Version 5.x applications) and the request consumer (Version 6.x applications), if identity assertion is configured.
You can specify one of the following options:
- None: Choose this option if you are not specifying a trusted ID evaluator.
- Existing evaluator definition: Choose this option to specify a currently defined trusted ID evaluator.
- Binding evaluator definition: Choose this option to specify a new trusted ID evaluator. A description of the required fields follows.
Specifies the class name of the trusted ID evaluator.
The specified trusted ID evaluator class name must implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator
interface. The default TrustedIDEvaluator class is com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl.
When you use this default TrustedIDEvaluator class, you must specify the name
and the value properties for the default trusted ID evaluator to create the
trusted ID list for evaluation.
To specify the name and value properties, complete the following steps:
- Under Additional properties, click Properties > New.
- Specify the trusted ID evaluator name as a property name. You must specify
the trusted ID evaluator name in the form, trustedId_n, where _n is
an integer from zero (0) to n.
- Specify the trusted ID as a property value.
For example:
property name="trustedId_0", value="CN=Bob,O=ACME,C=US"
property name="trustedId_1", value="user1"
If a distinguished name (DN) is used, the space is removed for comparison.
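The following Python sketch is an added example, not IBM code and not the TrustedIDEvaluatorImpl class itself: it models the trusted ID list described above so that a property set can be checked for naming mistakes and redundant entries before it is entered in the console. It assumes that a value containing "=" is a DN, that every space is removed from a DN on both sides of the comparison, that matching is otherwise exact, and that misnamed properties are left out of the list; build_trusted_list, is_trusted and the sample properties are constructed for illustration.

```python
import re

# Property names must follow the trustedId_n form (n is a non-negative integer).
NAME_RE = re.compile(r"^trustedId_(\d+)$")

def normalize(identity):
    """Assumption: a value containing '=' is a DN; remove all of its spaces."""
    return identity.replace(" ", "") if "=" in identity else identity

def build_trusted_list(props):
    """Return (trusted_ids, problems) for a dict of evaluator properties."""
    def order(item):
        # Misnamed properties first, then trustedId_n in numeric order of n.
        m = NAME_RE.match(item[0])
        return (1, int(m.group(1))) if m else (0, 0)

    trusted, problems = [], []
    for name, value in sorted(props.items(), key=order):
        if not NAME_RE.match(name):
            problems.append(f"{name}: name is not in the trustedId_n form")
        elif not value.strip():
            problems.append(f"{name}: empty trusted ID")
        elif normalize(value) in trusted:
            problems.append(f"{name}: same as an earlier entry after normalization")
        else:
            trusted.append(normalize(value))
    return trusted, problems

def is_trusted(asserting_id, trusted):
    """True if the asserting identity matches an entry in the trusted ID list."""
    return normalize(asserting_id) in trusted

# Constructed sample properties; the first two are the values shown above.
SAMPLE_PROPS = {
    "trustedId_0": "CN=Bob,O=ACME,C=US",
    "trustedId_1": "user1",
    "trustedId_2": "CN=Bob, O=ACME, C=US",  # equals trustedId_0 without spaces
    "trustedID_3": "user2",                 # wrong capitalization in the name
}

if __name__ == "__main__":
    trusted, problems = build_trusted_list(SAMPLE_PROPS)
    print("trusted ID list:", trusted)
    for p in problems:
        print("check:", p)
    print(is_trusted("CN=Bob, O=ACME, C=US", trusted))
```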
Default: com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl
See the programming model information in the documentation for an explanation
of how to implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface.