Configure the WebSphere Application Server trust service to issue
a specific security token to the requestor for communication with an endpoint.
Use the administrative console to configure the security context token provider
that the trust service provides.
Before you begin
WebSphere Application Server provides a trust service. The trust
service provides both a security token service and additional WebSphere Application
Server trust-related functionality. To configure the trust service, in addition
to managing the security context token provider, you must first complete the
following tasks:
- Create or manage supported targets. You can create explicit assignments
for new service endpoints (targets) or manage endpoints that have the security
context token provider explicitly assigned or that inherit the token provider
designated as the Trust Service default.
- Create or manage the attachment of token operations for service endpoints
to policy sets and bindings.
The order in which you complete these tasks is not important.
About this task
This task describes how to manage the security context token provider
and how to define or modify the properties of the security context token provider.
Procedure
- To manage the security context token provider, click Services
> Trust service > Token providers.
- To edit the settings of the security context token provider configuration,
click the link for the token provider name. You cannot edit the
name when modifying the token provider information.
- Change the token type schema Uniform Resource Identifier (URI).
The format must be in the standard URI format. For example, for a security
context token, you might type: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
- In the Token timeout field, change the amount of time, in minutes,
that the issued token is valid. The default value is 10 minutes.
This value cannot be less than 10 minutes.
- In the Time in cache after timeout field, change the amount of time,
in minutes, that the expired token is kept in the cache; during this time
the token can still be renewed. The default value is 120 minutes.
This value cannot be less than 10 minutes.
- Select the Allow renewal after timeout check box to enable
the renewal of a token after the token has expired. If selected,
the amount of time, in minutes, within which an expired token can still be
renewed is the value specified in the Time in cache after timeout field.
- Select the Allow postdated tokens check box to enable
postdated tokens. Postdated tokens allow a client to request a token
that becomes valid at a later time.
- Select the Distributed cache check box to enable a distributed
cache. Use a distributed cache if the server is in a clustered
environment and you want the tokens to be shared across the cluster.
- Under Custom Properties, click Add to define a new custom property or
click Edit to modify an existing custom property. Custom properties set
internal system configuration properties. They are arbitrary name-value
pairs of data, where the name might be a property key or a class
implementation, and where the value might be a string or a true or false
value.
- If you define a custom property, type a name. Refer
to the documentation for the token provider for valid custom property names.
- If you define a custom property, type a value. Refer
to the documentation for the token provider for the values for a property
name.
- Repeat defining the name and the value for each custom property
that you add.
- Click OK. You are returned to the Token providers
panel.
- Save your changes before applying the changes to the Web services
security runtime configuration.
- Click Update Runtime to update the Web services security
runtime configuration with any data changes for token providers, trust service
attachments, and targets. Whether the confirmation window is displayed
depends on whether you select the Show confirmation for update runtime
command check box. Expand Preferences to view the check box.
- Optional: Confirm or click Cancel when the confirmation
window appears. If you deselected the Show confirmation for
update runtime command check box, all changes are made immediately without
displaying the confirmation window.
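The following added example (not IBM code) models how the four settings above
interact: the 10-minute floor on Token timeout and Time in cache after timeout,
the renewal window that exists only when Allow renewal after timeout is
selected, and the request for a later validity time that Allow postdated tokens
permits. The class, function and state names are this example's own, and it
assumes the timeout is counted from the moment the token becomes valid.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SctProviderConfig:
    """Values as entered on the Token providers panel, in minutes."""
    token_timeout_min: int = 10          # Token timeout: default 10, minimum 10
    cache_after_timeout_min: int = 120   # Time in cache after timeout: default 120, minimum 10
    allow_renewal_after_timeout: bool = False
    allow_postdated: bool = False

    def validate(self):
        """Return the violations the panel rejects (both fields have a 10-minute floor)."""
        problems = []
        if self.token_timeout_min < 10:
            problems.append("Token timeout must be at least 10 minutes")
        if self.cache_after_timeout_min < 10:
            problems.append("Time in cache after timeout must be at least 10 minutes")
        return problems


def can_issue(cfg, minutes_until_valid):
    """A request for a token that becomes valid in the future is a postdated
    request; it is issuable only when Allow postdated tokens is selected."""
    return minutes_until_valid <= 0 or cfg.allow_postdated


def token_state(cfg, valid_from, now):
    """Classify an issued token at 'now'. The state names are this example's
    own, not panel terms. Assumption: Token timeout counts from valid_from."""
    expires_at = valid_from + timedelta(minutes=cfg.token_timeout_min)
    if now < valid_from:
        return "not_yet_valid"
    if now < expires_at:
        return "valid"
    # After timeout the token stays in the cache for the configured window and
    # can be renewed there only if renewal after timeout is enabled.
    leaves_cache_at = expires_at + timedelta(minutes=cfg.cache_after_timeout_min)
    if now < leaves_cache_at and cfg.allow_renewal_after_timeout:
        return "renewable"
    return "expired"


def state_after(cfg, minutes_since_valid):
    """State of a token 'minutes_since_valid' minutes after it became valid."""
    t0 = datetime(2024, 1, 1, 12, 0)  # constructed sample time; only the offset matters
    return token_state(cfg, t0, t0 + timedelta(minutes=minutes_since_valid))
```

With the defaults and renewal enabled, a token is valid for minutes 0 to 9,
renewable from minute 10 up to minute 129, and gone from the cache at minute 130.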
Results
You have completed the required steps to modify the security context
token provider configuration and to update the Web services security runtime
configuration. You can also update the security context token provider configuration
for the trust service using the wsadmin tool. The wsadmin tool examples are
written in the Jython scripting language.
What to do next
Next, if you have not done so already, you must also configure
targets or configure attachments to complete the trust service configuration.