You can attach the trust service operations for a new service endpoint URL to system policy sets and bindings. The operations for each new endpoint are attached to the Trust Service Default policy sets and bindings. Each new endpoint initially has the following four operations: issue, renew, cancel, and validate.
Before you begin
First you must define your policy sets and their bindings. Policy sets describe the protection or quality of service that is provided (such as message security, transport and so forth). Bindings specify some details about how to implement the policy set, such as: the path for the keystore file, the class name of the token generator, or the JAAS configuration name.
Important: Only use system policy sets with the trust service. The requestor (client) must utilize only Java API for XML-Based Web Services (JAX-WS). Requestors that use Java API for XML-based remote procedure calls (JAX-RPC) are incompatible with the policy set QOS.
About this task
Attaching the trust service operations for a new endpoint to existing policy sets and bindings requires two steps. After initially attaching the endpoint, the following four operations are configured: issue, renew, cancel, and validate. These four operations explicitly attach to Trust Service Defaults. You can then modify these attachments to existing policy sets and bindings.
This task describes how to create or manage service endpoint URLs that you want to attach to the policy set and binding. To complete the configuration for the WebSphere® Application Server trust service, you must also create or manage targets.
If no explicit bindings are attached, WebSphere Application Server uses the cell-level default binding, referred to as Default.
Procedure
- To view existing trust service attachments, click . Until you create the first attachment, only the default attachments for each operation are displayed.
- To create an attachment, click New Attachment.
- Enter the service endpoint URL in a valid format. Note: The URL in the trust service attachment must match the URL to which the trust service request is sent, including case. When the URLs do not match, the policy set that is defined in the attachment is not applied. Instead, IBM® WebSphere Application Server uses the policy set that is attached to the default for the trust operation.
For example, where demo is the endpoint, you might enter:
http://localhost:9080/wssamplebeta/demo
- Click Attach to attach the URL and to return to the Trust service attachments panel. After you click Attach, the Trust service attachments panel displays the new service endpoint URL and the initial four operations. The service endpoint URL that you specified is listed in the Trust service attachments collection. These four token operations (cancel, renew, validate and issue) for the specified endpoint are initially attached to Trust Service Defaults.
- On the Trust service attachments panel, change the policy set or binding attachment, as needed. You can return any operation to its initial state by inheriting Trust Service Defaults.
Note: Changing the policy set forces the binding to change to Default.
- Save your changes before applying the changes to the Web Services Security runtime configuration.
- Click Update Runtime to update the Web Services Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window appears depends on whether you selected the Show confirmation for update runtime command check box. Expand Preferences to view the check box.
- Optional: Confirm or cancel if the confirmation window appears. If you deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.
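The URL-matching rule in the procedure means that a request sent to a slightly different URL silently receives the default policy set. The following check is an added example, not IBM code: it assumes the match is an exact, case-sensitive string comparison, and the policy set name ExamplePolicySet and the sample request URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT = "Trust Service Defaults"

# Constructed sample: endpoint URL -> policy set attached for one operation.
# "ExamplePolicySet" is a placeholder name, not one taken from the product.
ATTACHMENTS = {
    "http://localhost:9080/wssamplebeta/demo": "ExamplePolicySet",
}

def _normalize(url):
    """Loose form used only to spot near-misses: lower-case, no trailing slash."""
    p = urlsplit(url)
    return (p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/").lower())

def effective_policy(request_url, attachments=ATTACHMENTS):
    """Return (policy_set, warning) for the URL a requestor sends to.

    Assumption: the attachment applies only on an exact, case-sensitive
    string match; any other URL falls back to the default.
    """
    if request_url in attachments:
        return attachments[request_url], None
    for configured in attachments:
        if _normalize(configured) == _normalize(request_url):
            return DEFAULT, "near-miss of %r (case or trailing slash)" % configured
    return DEFAULT, None

def audit(request_urls, attachments=ATTACHMENTS):
    """List request URLs that fall back to the default although an attachment
    for almost the same URL exists, which usually indicates a typing error."""
    findings = []
    for url in request_urls:
        policy, warning = effective_policy(url, attachments)
        if warning:
            findings.append((url, policy, warning))
    return findings

if __name__ == "__main__":
    # Constructed request URLs, as requestor configurations might contain them.
    sample = [
        "http://localhost:9080/wssamplebeta/demo",
        "http://localhost:9080/WSSampleBeta/demo",
        "http://localhost:9080/wssamplebeta/demo/",
        "http://localhost:9080/other/service",
    ]
    for url, policy, warning in audit(sample):
        print(url, "->", policy, ":", warning)
```

Run it against the endpoint URLs configured in your requestors before you click Update Runtime; each finding is a request that would be processed under Trust Service Defaults instead of the attached policy set.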
Results
You have provided the basic information to create a trust service attachment and to configure a policy set, a binding, and the operation information.
What to do next
You can also create a new attachment for the trust service using the wsadmin tool. The wsadmin tool examples are written in the Jython scripting language.
Next, configure the security context token provider or configure targets to complete the trust service configuration.