You can attach the trust service operations for a new service endpoint
URL to system policy sets and bindings. The operations for each new endpoint
are attached to the Trust Service Default policy sets and bindings. Each new
endpoint initially has the following four operations: issue, renew, cancel,
and validate.
Before you begin
First, you must define your policy sets and their bindings. Policy
sets describe the protection or quality of service that is provided (such
as message security, transport, and so forth). Bindings specify
details about how to implement the policy set, such as the path for the keystore
file, the class name of the token generator, or the JAAS configuration name.
Important: Only use system policy sets with the trust service. The requestor
(client) must utilize only Java API for XML-Based Web Services (JAX-WS).
Requestors that use Java API for XML-based remote procedure
calls (JAX-RPC) are incompatible with the policy set QOS.
About this task
Attaching the trust service operations for a new endpoint to existing
policy sets and bindings requires two steps. After initially attaching the
endpoint, the following four operations are configured: issue, renew, cancel,
and validate. These four operations explicitly attach to Trust Service Defaults.
You can then modify these attachments to existing policy sets and bindings.
This task describes how to create or manage service endpoint URLs that you want
to attach to the policy set and binding. To complete the configuration for
the WebSphere® Application Server trust service, you must also create or manage targets.
If no explicit bindings are attached, WebSphere Application Server uses
the cell-level default binding, referred to as Default.
Procedure
- To view existing trust service attachments, click Services >
Trust service > Trust service attachments. Until you create
the first attachment, only the default attachments for each operation are
displayed.
- To create an attachment, click New Attachment.
- Enter the service endpoint URL in a valid format. Note
that the URL in the trust service attachment must match, including case,
the URL to which the trust service request is sent. If it does not match, the
policy set that is defined in the attachment is not applied. Instead, IBM® WebSphere Application
Server uses the policy set that is attached to the default for the trust operation.
For example, where demo is the endpoint, you might enter:
http://localhost:9080/wssamplebeta/demo
- Click Attach to attach the URL and to return to the Trust
service attachments panel. After you click Attach, the Trust
service attachments panel displays the new service endpoint URL and the initial
four operations. The service endpoint URL that you specified is listed in
the Trust service attachments collection. These four token operations (cancel,
renew, validate and issue) for the specified endpoint are initially attached
to Trust Service Defaults.
- On the Trust service attachments panel, change the policy set or
binding attachment, as needed. You can return any operation to
its initial state by inheriting Trust Service Defaults.
Note: Changing the policy set forces the binding to change to Default.
- Save your changes before applying the changes to the Web services
security runtime configuration.
- Click Update Runtime to update the Web services security
runtime configuration with any data changes for token providers, trust service
attachments, and targets. Whether the confirmation window appears
depends on whether you selected the Show confirmation for update runtime
command check box. Expand Preferences to view the check box.
- Optional: Confirm or cancel if the confirmation window
appears. If you deselected the Show confirmation for update
runtime command check box, all changes are made immediately without displaying
the confirmation window.
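The URL-matching rule from the endpoint URL step, shown as an added example that is not part of the original page or of WebSphere Application Server. It models the attachment lookup as an exact, case-sensitive string comparison (an assumption drawn from that step) and flags request URLs that differ from an attachment URL only by case. The policy set name EXAMPLE-POLICY-SET and the request URLs are constructed.

```python
# Added example: models the attachment lookup as an exact, case-sensitive
# string comparison (an assumption based on the note in the procedure).
OPERATIONS = ("issue", "renew", "cancel", "validate")
DEFAULTS = "Trust Service Defaults"

# Constructed sample data: one endpoint with a placeholder policy set on "issue".
ATTACHMENTS = {
    "http://localhost:9080/wssamplebeta/demo": {
        "issue": "EXAMPLE-POLICY-SET",  # placeholder, not a product policy set
        "renew": DEFAULTS,
        "cancel": DEFAULTS,
        "validate": DEFAULTS,
    },
}


def resolve(request_url, operation, attachments=ATTACHMENTS):
    """Return the policy set applied to one trust request."""
    if operation not in OPERATIONS:
        raise ValueError("unknown trust operation: %s" % operation)
    ops = attachments.get(request_url)  # exact match, case included
    return ops[operation] if ops is not None else DEFAULTS


def audit(request_urls, attachments=ATTACHMENTS):
    """Flag request URLs that differ from an attachment URL only by case.

    Such requests get the default policy set for every operation, so a
    non-default policy set configured on the attachment is not applied.
    """
    by_folded = {url.lower(): url for url in attachments}
    findings = []
    for url in request_urls:
        configured = by_folded.get(url.lower())
        if configured is None or configured == url:
            continue  # unrelated URL, or an exact match
        skipped = sorted(op for op, ps in attachments[configured].items()
                         if ps != DEFAULTS)
        findings.append({"request_url": url, "attachment_url": configured,
                         "operations_falling_back": skipped})
    return findings


if __name__ == "__main__":
    # Constructed request URLs, for example collected from client configuration.
    for finding in audit(["http://localhost:9080/wssamplebeta/demo",
                          "http://localhost:9080/WSSampleBeta/Demo"]):
        print(finding)
```

Each finding names the attachment whose non-default policy sets would be skipped, which is the case to correct before clicking Update Runtime.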
Results
You have provided the basic information to create a trust service
attachment and to configure a policy set, a binding, and the operation information.
What to do next
You can also create a new attachment for the trust service using
the wsadmin tool. The wsadmin tool examples are written in the Jython scripting
language.
Next, configure the security context token provider or configure
targets to complete the trust service configuration.