Configure the WebSphere® Application Server trust service to issue a specific security token to the requestor for communication with an endpoint. Use the administrative console to configure the security context token provider that the trust service provides.
Before you begin
WebSphere Application Server provides a
trust service. The trust service provides both a security token service
and additional WebSphere Application Server trust-related
functionality. To configure the trust service, in addition to managing
the security context token provider, you must first complete the following
tasks:
- Create or manage supported targets. You can create explicit assignments
for new service endpoints (targets) or manage endpoints that have
the security context token provider explicitly assigned or that inherit
the token provider designated as the Trust Service default.
- Create or manage the attachment of token operations for service
endpoints to policy sets and bindings.
The order in which you complete these tasks is not important.
About this task
This task describes how to manage the security context
token provider and how to define or modify the properties of the security
context token provider.
Depending on your assigned security role
when security is enabled, you might not have access to text entry
fields or buttons to create or edit configuration data. Review the
administrative roles documentation to learn more about the valid roles
for the application server.
Procedure
- To manage the security context token provider, click Services >
Trust service > Token providers.
- To edit the settings of the security context token provider
configuration, click the link for the token provider name. You
cannot edit the name, class name, or token type schema URI when modifying
the token provider information.
- The token type schema Uniform Resource Identifier (URI) uses the standard URI format. For example, for a version 1.3 security context token, the URI is: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct
- In the Time in cache after timeout field, change the amount of time, in minutes, that an expired token is kept in cache and can still be renewed. The default value is 120 minutes. This value cannot be less than 10 minutes.
- In the Token timeout field, change the amount of time, in minutes, that an issued token is valid. The default value is 10 minutes. This value cannot be less than 10 minutes.
- Select the Allow renewal after timeout check box to enable the renewal of a token after the token has expired. If selected, the number of minutes within which an expired token can still be renewed is the value specified in the Time in cache after expiration field.
- Select the Allow postdated tokens check box to
enable postdated tokens. Use postdated tokens to specify
whether a client can request a token to become valid at a later time.
- Select the Support Secure Conversation Token v200502 check box to enable use of the older draft submission specification level of the security context token. The correct URI for this level of the token type schema appears in the field under the check box: http://schemas.xmlsoap.org/ws/2005/02/sc/sct.
- Click New to define a new custom property, or click Edit to modify an existing custom property. Specify these settings using the Custom Properties setting. Custom properties are used to set internal system configuration properties. Custom properties are arbitrary name-value pairs of data, where the name might be a property key or a class implementation, and where the value might be a string or a true or false value.
- If you define a custom property, type a name. Refer to the documentation for the token provider for valid custom property names.
- If you define a custom property, type a value. Refer to the documentation for the token provider for the values for a property name.
- Repeat defining the name and the value for each custom
property that you add.
- Click OK. You are returned to the
Token providers panel.
- Save your changes before applying the changes to the Web
Services Security runtime configuration.
- Click Update Runtime to update the Web Services
Security runtime configuration with any data changes for token providers,
trust service attachments, and targets. Whether the confirmation
window is displayed depends on whether you select the Show confirmation
for update runtime command check box. Expand Preferences to
view the check box.
- Optional: Confirm or click Cancel when
the confirmation window appears. If you deselected the Show
confirmation for update runtime command check box, all changes
are made immediately without displaying the confirmation window.
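The token timeout, time-in-cache, renewal-after-timeout and postdated-token settings above interact in ways that are easy to misjudge when hardening a trust service (for example, a long cache window does nothing unless renewal after timeout is also enabled). The following is an added Python model of that behaviour written for this page; it is not WebSphere code and its class, function and field names are this example's own. It checks the 10-minute minimums the console enforces and walks a constructed token through issue, expiry, renewal window and cache eviction on a minute-based clock.

```python
from dataclasses import dataclass

# Minimum the console accepts for both timeout fields (from the procedure).
MIN_MINUTES = 10


@dataclass(frozen=True)
class SctProviderSettings:
    """Model of the security context token provider settings.

    Field names are this example's own, not WebSphere identifiers.
    Defaults match the values stated in the procedure.
    """
    token_timeout_minutes: int = 10          # "Token timeout" (default 10)
    time_in_cache_minutes: int = 120         # "Time in cache after timeout" (default 120)
    allow_renewal_after_timeout: bool = False
    allow_postdated_tokens: bool = False


def validate(settings):
    """Return a list of problems; an empty list means the console would accept the values."""
    problems = []
    if settings.token_timeout_minutes < MIN_MINUTES:
        problems.append("Token timeout cannot be less than %d minutes" % MIN_MINUTES)
    if settings.time_in_cache_minutes < MIN_MINUTES:
        problems.append("Time in cache after timeout cannot be less than %d minutes" % MIN_MINUTES)
    return problems


@dataclass(frozen=True)
class IssuedToken:
    issued_at: int      # minutes on a constructed clock
    valid_from: int     # equals issued_at unless the token was postdated
    lifetime: int       # token timeout in effect when it was issued

    def expires_at(self):
        return self.valid_from + self.lifetime


def can_issue(settings, now, requested_valid_from=None):
    """A request for a future validity start is honoured only when postdated tokens are allowed."""
    if requested_valid_from is None or requested_valid_from <= now:
        return True
    return settings.allow_postdated_tokens


def issue(settings, now, requested_valid_from=None):
    """Issue a token at time `now`, optionally postdated to `requested_valid_from`."""
    if not can_issue(settings, now, requested_valid_from):
        raise ValueError("postdated tokens are not allowed by this provider")
    valid_from = now if requested_valid_from is None else max(now, requested_valid_from)
    return IssuedToken(issued_at=now, valid_from=valid_from,
                       lifetime=settings.token_timeout_minutes)


def renewal_state(settings, token, now):
    """Classify a renewal request at time `now`.

    'pending'   - postdated token whose validity has not started yet
    'valid'     - token has not expired; renewal is a normal operation
    'renewable' - token expired, but it is still in cache and renewal after
                  timeout is enabled
    'rejected'  - token expired and either renewal after timeout is disabled
                  or the cache window has passed
    """
    if now < token.valid_from:
        return "pending"
    expires = token.expires_at()
    if now < expires:
        return "valid"
    evicted_at = expires + settings.time_in_cache_minutes
    if settings.allow_renewal_after_timeout and now < evicted_at:
        return "renewable"
    return "rejected"


def renew(settings, token, now):
    """Renew a token if the provider settings permit it; the renewed token starts now."""
    state = renewal_state(settings, token, now)
    if state in ("rejected", "pending"):
        raise ValueError("renewal refused: token is %s" % state)
    return IssuedToken(issued_at=now, valid_from=now,
                       lifetime=settings.token_timeout_minutes)


if __name__ == "__main__":
    # Constructed walk-through with the default settings and renewal after timeout enabled.
    s = SctProviderSettings(allow_renewal_after_timeout=True)
    t = issue(s, now=0)
    for minute in (5, 10, 129, 130):
        print("minute %3d: %s" % (minute, renewal_state(s, t, minute)))
```

With the defaults (10-minute timeout, 120-minute cache window), a token issued at minute 0 expires at minute 10; if the Allow renewal after timeout check box is selected it can still be renewed until minute 130, otherwise renewal is refused from minute 10 onward. A timeout below 10 minutes is reported as invalid rather than silently clamped, which is the behaviour to expect when scripting these settings.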
Results
You have completed the required steps to modify the security
context token provider configuration and to update the Web Services
Security runtime configuration. You can also update the security context
token provider configuration for the trust service using the wsadmin
tool. The wsadmin tool examples are written in the Jython scripting
language.
What to do next
Next, if you have not done so already, you must also configure
targets or configure attachments to complete the trust service configuration.