You can use the wsadmin tool, which supports the Jython and Jacl scripting languages, to manage the association of endpoints and tokens. Use this topic to query, assign, and unassign the association of a token provider with an endpoint Uniform Resource Identifier (URI).
Before you begin
Before you can assign and manage endpoint configurations, at least one token provider configuration and a Web service must exist.
About this task
Use the STSManagement group of commands to specify a custom service endpoint Uniform Resource Identifier (URI) and to assign and unassign the association of trust service token providers with endpoint configurations. Complete the steps in this topic to query the trust service for the existing endpoint configuration, associate the default token with an endpoint, and unassociate a token from an endpoint. You can perform these steps in any order.
Procedure
- Associate a token with a specific endpoint.
  - View a list of all endpoint URIs that are currently associated with a token provider.
    Before you change your endpoint configurations, use the following listSTSAssignedEndpoints command to examine your current settings:
    AdminTask.listSTSAssignedEndpoints()
    If the endpoint of interest is currently associated with a token, do not use the assignSTSEndpointTokenType command. To update the token that is associated with the endpoint, use the updateSTSEndpointTokenType command instead of the assignSTSEndpointTokenType command in the next step.
  - Associate a token with an endpoint.
    Use the assignSTSEndpointTokenType command to specify the token to issue for access to a specific endpoint. You do not need to specify the name of the token provider to assign if the token provider is set as the default configuration. For example, the following command assigns the Security Context Token default token to the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:
    AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')
    If Security Context Token is not the default token provider, use the following command:
    AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '[-LocalName "Security Context Token"]')
    The command returns a message indicating the success of the operation.
  - Save your configuration changes.
    Use the following command to save your changes:
    AdminConfig.save()
  - Reload the modified configuration changes.
    Use the following command to force the trust service to reload your modified configuration without restarting the application server:
    AdminTask.refreshSTS()
- Disassociate a token from an endpoint.
  - Examine the current endpoint configuration.
    Use the listSTSAssignedEndpoints command to view a list of each endpoint URI with assigned token providers, as the following example describes:
    AdminTask.listSTSAssignedEndpoints()
    The following sample output is displayed:
    'http://www.mycompany.com:8080/Ecommerce/Catalog'
  - Choose the endpoint to edit.
    Use the querySTSEndpointTokenType command to return the token provider associated with the endpoint of interest. Enter the following command to view the token provider associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:
    AdminTask.querySTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')
    The following sample output is displayed:
    'Security Context Token'
  - Disassociate the token type from the endpoint.
    Use the unassignSTSEndpointTokenType command to disassociate the token provider and endpoint configuration. The following command removes the Security Context Token token provider that is associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:
    AdminTask.unassignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '[-LocalName "Security Context Token"]')
    The command returns a message indicating the success of the operation.
  - Save your configuration changes.
    Use the following command to save your changes:
    AdminConfig.save()
  - Reload the modified configuration changes.
    Use the following command to force the trust service to reload your modified configuration without restarting the service:
    AdminTask.refreshSTS()
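
The association steps above can be combined into one idempotent wsadmin Jython routine that checks the current assignment before it changes anything. This is an added example, not code from the product documentation. The function names are hypothetical, AdminTask and AdminConfig are passed in as arguments, and listSTSAssignedEndpoints() is assumed to return one URI per line.

```python
# Added example: idempotent endpoint/token assignment for wsadmin (Jython).
# Assumption: listSTSAssignedEndpoints() returns one endpoint URI per line.

def local_name_option(token_name):
    # Quote the value so a multi-word provider name stays a single argument.
    return '[-LocalName "%s"]' % token_name


def assigned_endpoints(admin_task):
    # Normalize the command output into a list of endpoint URIs.
    out = admin_task.listSTSAssignedEndpoints() or ''
    return [line.strip() for line in out.splitlines() if line.strip()]


def ensure_endpoint_token(admin_task, admin_config, endpoint, token_name):
    """Return 'assigned', 'unchanged', or 'conflict: <current provider>'."""
    if endpoint in assigned_endpoints(admin_task):
        current = admin_task.querySTSEndpointTokenType(endpoint).strip()
        if current == token_name:
            return 'unchanged'
        # Already bound to another provider: the assign command must not be
        # used here, so report the conflict and leave the configuration as is.
        return 'conflict: ' + current
    admin_task.assignSTSEndpointTokenType(endpoint,
                                          local_name_option(token_name))
    admin_config.save()       # persist the change
    admin_task.refreshSTS()   # reload the trust service without a restart
    return 'assigned'

# Inside wsadmin (hypothetical call, using the endpoint from this topic):
# ensure_endpoint_token(AdminTask, AdminConfig,
#     'http://www.mycompany.com:8080/Ecommerce/Catalog',
#     'Security Context Token')
```

A 'conflict' result means the endpoint already has a different token provider and needs the update command rather than a second assignment.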