You can associate a security token provider with a service endpoint
using the administrative console. After entering the service endpoint URL,
the token provider configured as the Trust Service Default is explicitly associated
with the service endpoint.
Before you begin
The Web Services Secure Conversation specification defines the
protocol for a client to establish a secure session with a target service.
The security token service that WebSphere® Application Server provides,
referred to as the trust service, issues the Security Context Token (SCT).
The security context token is required for Web Services Secure Conversation
(WS-SecureConversation).
About this task
This task describes how to register a service endpoint (target)
with the trust service. Registration of a service endpoint with the trust
service initially associates the token provider configured as the Trust Service
Default with that service endpoint.
To complete the configuration for
the trust service, you must have completed the following tasks:
- Manage the Security Context Token.
- Create or manage service endpoint URLs that you want to attach to the
policy set and binding.
The order in which you complete these tasks is not important.
Procedure
- To configure a custom endpoint target, click Services > Trust
service > Targets > New Assignment.
- At the New assignment panel, enter the Uniform Resource Locator
(URL) for the service endpoint, and click Assign. You
are returned to the Targets panel where the custom service endpoint URL is
displayed in the list. Initially, the token that is explicitly assigned to
the custom endpoint is the token that is assigned as the Trust Service Default.
- At the Targets panel, select the check box for a service endpoint,
click Change Token, and select one of the following:
  - Security Context Token (SCT). A security context
  token is defined by the WS-SecureConversation specification.
  - Inherit Default if you want the token that is issued
  to be the token assigned as the Trust Service Default. The endpoint is not
  displayed in the list when the assignment is inherited because the token is
  no longer explicitly assigned to the endpoint.
- At the Targets panel, click the token name link for an existing
endpoint target to modify the token provider configuration information.
- Save your changes before applying the changes to the Web services
security runtime configuration.
- Click Update Runtime to update the Web services security
runtime configuration with any data changes for token providers, trust service
attachments, and targets. Whether the confirmation window is displayed
depends on whether you select the Show confirmation for update runtime
command check box. Expand Preferences to view the check box.
- Optional: Confirm or click Cancel when the confirmation
window appears. If you deselected the Show confirmation for
update runtime command check box, all changes are made immediately without
displaying the confirmation window.
Results
When you complete these steps, service endpoints explicitly associated
with a token provider are displayed in the Targets collection. Service endpoints
that have been changed to inherit the token provider configured as the Trust
Service Default are not displayed. You can also configure the security token
service to issue a specific token for access to a target using the wsadmin
tool. The wsadmin tool examples are written in the Jython scripting language.
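A scripted form of the console steps above, for wsadmin in Jython mode. This is an added example, not code from the product documentation. It assumes the STSManagement AdminTask commands named in the code, that refreshSTS corresponds to Update Runtime, and that the Security Context Token provider's local name is "Security Context Token"; the endpoint URL and helper names are constructed.

```python
# Added example: scripted form of the console steps, for wsadmin -lang jython.
# Command and parameter names are recalled from the STSManagement AdminTask
# command group; confirm them against the command reference for your release.

SCT_LOCAL_NAME = "Security Context Token"  # assumption: local name of the SCT provider


def check_endpoint_url(url):
    """Return the trimmed URL, or raise before any configuration is touched."""
    url = url.strip()
    if not (url.startswith("http://") or url.startswith("https://")):
        raise ValueError("endpoint must be an absolute http(s) URL: %r" % url)
    if len(url.split()) != 1:
        raise ValueError("endpoint URL contains whitespace: %r" % url)
    return url


def apply_to_runtime(admin_task, admin_config):
    """Save first, then refresh: the order the procedure gives for Update Runtime."""
    admin_config.save()
    admin_task.refreshSTS()
    return admin_task.listSTSAssignedEndpoints()


def assign_target(admin_task, admin_config, url, local_name=None):
    """New Assignment / Change Token: explicitly bind a token provider to a target."""
    url = check_endpoint_url(url)
    if local_name:
        admin_task.assignSTSEndpointTokenType(url, '[-LocalName "%s"]' % local_name)
    else:
        # No token named: the trust service default is assigned.
        admin_task.assignSTSEndpointTokenType(url)
    return apply_to_runtime(admin_task, admin_config)


def inherit_default(admin_task, admin_config, url):
    """Inherit Default: drop the explicit assignment so the default applies."""
    admin_task.unassignSTSEndpointTokenType(check_endpoint_url(url))
    return apply_to_runtime(admin_task, admin_config)


# Inside wsadmin (the URL is a constructed placeholder):
#   print(assign_target(AdminTask, AdminConfig,
#                       "https://host.example.com/acct/service", SCT_LOCAL_NAME))
```

The helpers take the AdminTask and AdminConfig objects as arguments so the same file can be exercised against stand-ins outside wsadmin before it touches a cell configuration.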
What to do next
You have completed the required steps to create a service endpoint
URL, to assign the token to be issued for access to the target, and to update
the Web services security runtime configuration. Next, if you have not completed
these tasks already, configure the Security Context Token provider or configure
attachments to the policy set and binding to complete the trust service configuration.