You can use the wsadmin tool, which supports the Jython and Jacl
scripting languages, to manage the association of endpoints and tokens. Use
this topic to query, assign, and unassign the association of a token provider
with an endpoint Uniform Resource Identifier (URI).
Before you begin
Before you can assign and manage endpoint configurations, at least
one token provider configuration and a Web service must exist.
About this task
Use the STSManagement group of commands to specify a custom service
endpoint Uniform Resource Identifier (URI) and to assign and unassign the
association of trust service token providers with endpoint configurations.
Complete the steps in this topic to query the trust service for the existing
endpoint configuration, associate the default token with an endpoint, and
disassociate a token from an endpoint. You can perform these steps in any order.
Procedure
- Associate a token with a specific endpoint.
  - View a list of all endpoint URIs that are currently associated with a token provider.
    Before invoking changes on your endpoint configurations, use the following listSTSAssignedEndpoints command to examine your current settings:
    AdminTask.listSTSAssignedEndpoints()
    If the endpoint of interest is currently associated with a token, do not use the assignSTSEndpointTokenType command. To update the token that is associated with the endpoint, use the updateSTSEndpointTokenType command in the next step.
  - Associate a token with an endpoint.
    Use the assignSTSEndpointTokenType command to specify the token to issue for access to a specific endpoint. You do not need to specify the name of the token provider to assign if the token provider is set as the default configuration. For example, the following command assigns the Security Context Token default token to the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:
    AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')
    If Security Context Token is not the default token provider, use the following command:
    AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '[-LocalName "Security Context Token"]')
    The command returns a message indicating the success of the operation.
  - Save your configuration changes.
    Use the following command to save your changes:
    AdminConfig.save()
  - Reload the modified configuration changes.
    Use the following command to force the trust service to reload your modified configuration without restarting the application server:
    AdminTask.refreshSTS()
- Disassociate a token from an endpoint.
  - Examine the current endpoint configuration.
    Use the listSTSAssignedEndpoints command to view a list of each endpoint URI with assigned token providers, as the following example describes:
    AdminTask.listSTSAssignedEndpoints()
    The following sample output is displayed:
    'http://www.mycompany.com:8080/Ecommerce/Catalog'
  - Choose the endpoint to edit.
    Use the querySTSEndpointTokenType command to return the token provider associated with the endpoint of interest. Enter the following command to view the token provider associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:
    AdminTask.querySTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')
    The following sample output is displayed:
    'Security Context Token'
  - Disassociate the token type from the endpoint.
    Use the unassignSTSEndpointTokenType command to disassociate the token provider and endpoint configuration. The following command removes the Security Context Token token provider that is associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:
    AdminTask.unassignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '[-LocalName "Security Context Token"]')
    The command returns a message indicating the success of the operation.
  - Save your configuration changes.
    Use the following command to save your changes:
    AdminConfig.save()
  - Reload the modified configuration changes.
    Use the following command to force the trust service to reload your modified configuration without restarting the service:
    AdminTask.refreshSTS()
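
Example
The following script is an added example, not part of the product documentation. It wraps the association steps in one check-before-change routine that never calls assignSTSEndpointTokenType on an endpoint that already has a token provider. The function names and the FakeTrustService stand-in are hypothetical, and it assumes that listSTSAssignedEndpoints returns one URI per line; under wsadmin, pass the built-in AdminTask and AdminConfig objects instead of the stand-in.

```python
# Added example, not IBM code. Under wsadmin, pass the built-in AdminTask and
# AdminConfig objects; FakeTrustService is a constructed stand-in for offline runs.

def assigned_endpoints(task):
    # Assumption: the command returns one endpoint URI per line.
    out = task.listSTSAssignedEndpoints() or ''
    return [l.strip().strip("'") for l in out.splitlines() if l.strip()]

def ensure_endpoint_token(task, config, uri, token=None):
    """Assign a token provider to uri only if the endpoint has none yet."""
    if uri in assigned_endpoints(task):
        current = task.querySTSEndpointTokenType(uri).strip().strip("'")
        if token is not None and current == token:
            return ('unchanged', current)
        # Already associated: per the procedure, do not call assign here.
        return ('already-assigned', current)
    if token is None:
        task.assignSTSEndpointTokenType(uri)  # default token provider
    else:
        task.assignSTSEndpointTokenType(uri, '[-LocalName "%s"]' % token)
    config.save()      # persist the change
    task.refreshSTS()  # reload the trust service without a restart
    return ('assigned', token)

class FakeTrustService:
    """Constructed in-memory stand-in that records the calls made."""
    def __init__(self, table):
        self.table = table.copy()
        self.calls = []
    def listSTSAssignedEndpoints(self):
        return '\n'.join(self.table.keys())
    def querySTSEndpointTokenType(self, uri):
        return self.table[uri]
    def assignSTSEndpointTokenType(self, uri, opts=''):
        self.calls.append('assign')
        self.table[uri] = opts or 'default'
    def refreshSTS(self):
        self.calls.append('refresh')
    def save(self):
        self.calls.append('save')
```

An ('already-assigned', name) result reports which token provider the endpoint currently uses so that the association can be reviewed before it is changed.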