Configuring authorization with a WS-Trust v1.3 STS (TFIM V6.2)
You can configure supported message flow input nodes or SecurityPEP nodes to perform authorization of an identity or security token by using a WS-Trust v1.3 compliant security token server (STS), such as Tivoli® Federated Identity Manager (TFIM) V6.2.
Before you start:
- Check that an appropriate security profile exists, or create a new security profile. See Creating a security profile for WS-Trust V1.3 (TFIM V6.2).
- RequestType
- Issuer
- AppliesTo
For more information about these parameters, see Authentication, mapping, and authorization with TFIM V6.2 and TAM.
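To show where the RequestType, Issuer, and AppliesTo parameters sit in a WS-Trust v1.3 request, the following added example (not taken from the product documentation) extracts them from a RequestSecurityToken element and reports any that are absent. The sample message, its `urn:example:` addresses, and the function names are constructed for illustration and are not the exact request that the broker sends.

```python
import xml.etree.ElementTree as ET

# Namespaces used by WS-Trust 1.3, WS-Policy and WS-Addressing.
NS = {
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
}

# Constructed sample (RST element only, no SOAP envelope); addresses are placeholders.
SAMPLE_RST = """\
<wst:RequestSecurityToken
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate</wst:RequestType>
  <wst:Issuer><wsa:Address>urn:example:issuer</wsa:Address></wst:Issuer>
  <wsp:AppliesTo>
    <wsa:EndpointReference><wsa:Address>urn:example:applies-to</wsa:Address></wsa:EndpointReference>
  </wsp:AppliesTo>
</wst:RequestSecurityToken>
"""

# Where each parameter lives, relative to the RequestSecurityToken element.
PATHS = {
    "RequestType": "wst:RequestType",
    "Issuer": "wst:Issuer/wsa:Address",
    "AppliesTo": "wsp:AppliesTo/wsa:EndpointReference/wsa:Address",
}

def rst_parameters(xml_text):
    """Return the three parameters from an RST; absent or empty ones are None."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}RequestSecurityToken" % NS["wst"]:
        raise ValueError("not a WS-Trust 1.3 RequestSecurityToken")
    found = {}
    for name, path in PATHS.items():
        text = root.findtext(path, default="", namespaces=NS).strip()
        found[name] = text or None
    return found

def missing_parameters(xml_text):
    """Names of the parameters that the request does not carry."""
    return [n for n, v in rst_parameters(xml_text).items() if v is None]

if __name__ == "__main__":
    for name, value in rst_parameters(SAMPLE_RST).items():
        print(f"{name:12} {value}")
```

When the request text comes from an untrusted capture, parse it with a hardened XML parser such as `defusedxml` instead of the standard library parser.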
Steps for enabling authorization using a WS-Trust v1.3 STS provider:
- In the Message Broker Toolkit, right-click the BAR file, then click Open with > Broker Archive Editor.
- Click the Manage and Configure tab.
- Click the flow or node on which you want to set the security profile. The properties that you can configure for the message flow or for the node are displayed in the Properties view.
- In the Security Profile Name field, select a security profile that has authorization set for WS-Trust V1.3 STS.
- Save the BAR file.
For a SOAPInput node to use the token in the WS-Security header (rather than an underlying transport identity), an appropriate policy set and bindings must also be defined and specified. For more information, see Policy sets.
The WS-Trust v1.3 specification is available at: http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html.