Use this page to specify the information for the token consumer. The information is used at the consumer side only to process the security token.
Before specifying additional properties, specify a value in the Token consumer name, the Token consumer class name, and the Value type local name fields.
Specifies the name of the token consumer configuration.
Specifies the name of the token consumer implementation class.
This class must implement the com.ibm.wsspi.wssecurity.token.TokenConsumerComponent interface.
Specifies a reference to the name of the security token that is defined in the deployment descriptor.
On the application level, when the security token is not specified in the deployment descriptor, the Part reference field is not displayed.
Specifies the trust anchor and the certificate store.
Trust anchor
Binding name | Cell level, server level, or application level | Path |
---|---|---|
Default consumer binding | Server level | Click Servers > Application servers > server_name. Under Security, click Web services: Default bindings for Web services security. Under Additional properties, click Trust anchors. |
Certificate store
Binding name | Cell level, server level, or application level | Path |
---|---|---|
Default consumer binding | Server level |
|
Specifies the reference to the Trusted ID evaluator class name that is defined in the Trusted ID evaluators panel. The trusted ID evaluator is used for determining whether the received ID is trusted.
Binding name | Cell level, server level, or application level | Path |
---|---|---|
Default consumer binding | Server level |
|
When you select a trusted ID evaluator reference, you must configure the trusted ID evaluators before setting the token consumer.
The Trusted ID evaluator field is displayed in the default binding configuration and the application server binding configuration.
Specifies whether the nonce of the user name token is verified.
This option is displayed on the cell, server, and application levels. This option is valid only when the type of incorporated token is the user name token.
Specifies whether the time stamp of user name token is verified.
This option is displayed on the cell, server, and application levels. This option is valid only when the type of incorporated token is the user name token.
Specifies the local name of value type for the consumed token.
When you specify a custom value type for custom tokens, you can specify the local name and the URI of the Quality name (QName) of the value type. For example, you might specify Custom for the local name and http://www.ibm.com/custom for the URI.
Specifies the namespace URI of the value type for the integrated token.
When you specify the token consumer for the user name token or the X.509 certificate security token, you do not need to specify this option. If you want to specify another token, specify the URI of the QName for the value type.
WebSphere Application Server provides the following predefined value type URI for the LTPA token: http://www.ibm.com/websphere/appserver/tokentype/5.0.2
Related reference
Token consumer collection
Token generator collection
Token generator configuration settings