Use this page to specify how to acquire the security token that is inserted in the Web services security header within the Simple Object Access Protocol (SOAP) message. The token acquisition is a pluggable framework that leverages the Java Authentication and Authorization Service (JAAS) javax.security.auth.callback.CallbackHandler interface for acquiring the security token.
Specifies the name of the callback handler implementation class that is used to plug in a security token framework.
MyCallbackHandler(String username, char[] password, java.util.Map properties)
The callback handler implementation obtains the required security token and passes it to the token generator. The token generator inserts the security token in the Web services security header within the SOAP message. Also, the token generator is plug-in point for the pluggable security token framework. Service providers can provide their own implementation, but the implementation must use the com.ibm.wsspi.wssecurity.token.TokenGeneratorComponent interface.
Select this option if you have identity assertion defined in the IBM extended deployment descriptor.
This option indicates that only the identity of the initial sender is required and inserted into the Web services security header within the SOAP message. For example, WebSphere Application Server only sends the user name of the original caller for a Username TokenGenerator. For an X.509 token generator, the application server sends the original signer certification only.
Select this option if you have identity assertion defined in the IBM extended deployment descriptor and you want to use the Run As identity instead of the initial caller identity for identity assertion for a downstream call.
This option is valid only if you have Username TokenGenerator configured as a token generator.
Specifies the user name that is passed to the constructors of the callback handler implementation.
These implementations are described in detail under the Callback handler class name field description in this article.
Specifies the password that is passed to the constructor of the callback handler.
Specifies the password that is used to access the keystore file.
Specifies the location of the keystore file.
Use ${USER_INSTALL_ROOT} in the path name because this variable expands to the WebSphere Application Server path on your machine. To change the path used by this variable, click Environment > WebSphere variables and click USER_INSTALL_ROOT.
Specifies the type of keystore file format
Related reference
Token generator collection
Token generator configuration settings