Trust service attachments collection

Use this page to view information about or manage system policy set attachments and bindings. Endpoints with at least one operation directly attached to a policy set are displayed.

This page displays each endpoint that has at least one operation that is directly attached to a system policy set. The operations for other endpoints inherit the trust service default policy set and binding data. You can click New Attachment to create explicit attachments for endpoints not displayed, or click Attach to change the policy set for an operation. Changing the system policy set for an operation removes the binding data for that operation, and resets that data to the system default binding settings. You can also click Assign Binding to create a new binding configuration or change the existing binding configuration for the selected operation.

To view this administrative console page, click Services > Trust service > Trust service attachments.

Depending on your assigned security role when security is enabled, you might not have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the application server.

Show confirmation for update runtime command

Specifies whether to enable or disable the display of the confirmation window before the Web services security runtime configuration is updated for supported tokens, targets, and trust service attachments.

Click Preferences to expand the information. You can select or clear the Show confirmation for update runtime command check box. If you do not select this check box, updates to the security runtime configuration are made without first displaying a confirmation window. If you select the check box, the confirmation window is displayed before updates to the security runtime configuration are made.

Data type: Check box
Default: Enabled (check box is selected)

Retain filter criteria

Specifies whether to retain the filter criteria.

Click Preferences to expand the information. You can select or deselect the Retain filter criteria check box. This check box determines whether Endpoint URL is used as the filter criteria to reduce the displayed list of endpoints.

Data type: String
Default: All (check box is not selected)

Search terms

Specifies the search criteria to use to reduce the displayed list of endpoints.

Click Preferences to expand the information. Type the search term you want to use in the Search terms field. Use the asterisk (*) as a wildcard character for all terms. You can also search for multiple unknown or partial characters within the term. For example, typing the search term par* returns partly, participate, partial, and all other terms beginning with the letters par.

Data type: String
Default: * (search for all)

Select

Specifies that you want to select an existing resource, such as an endpoint or an operation, for further actions.

For existing endpoints, select the check box next to an operation, and then select one of the following actions:

Actions Description
Attach

Displays a list of policy sets that are available to be attached to an endpoint operation (cancel, reset, validate, or issue) or to one of the trust service default operations. Highlight and click the policy set to attach the policy set to the selected operation. You cannot attach a policy set to an endpoint.

Inherit operation defaults

Detaches the currently attached policy set and binding for each selected operation and sets the operation to inherit the trust service default policy set and binding for each operation.

Assign binding

Lists the bindings that are available to select for the policy set to which you want to attach the binding. You can also create a new binding.

  • Select Default to create and assign the system default binding to the selected policy set attachment. When you select this binding the runtime uses the default binding for the server, cell or in the multiple security domain environment to which the service resource is deployed.
  • Select New Trust Service Specific Binding to create a binding that is specific to the policy set and shares the characteristics of the policy set. This type of binding is reusable only for trust service attachments.
  • Select an existing general binding to assign the binding to the selected policy set attachment.

Multiple selection is valid only when all the resources have the same policy set attached.

New attachment

Specifies that you want to create an explicit policy set attachment.

Click New Attachment to access a new panel where you can enter an endpoint URL to create attachments for each of the four endpoint operations of the provided URL. Initially, the attachment consists of the policy set and binding that are listed as the Trust Service Default for that operation.

Data type: Button

Update runtime

Updates the trust service configuration for any changed attachments, targets, and token information.

If the Show confirmation for update runtime command preference is enabled, then a panel is displayed where you can confirm that you want to update the trust service configuration. If the preference is disabled, the trust service configuration is updated immediately without any confirmation.

Data type: Button

Service endpoint URL / Operation

Displays a list of the trust service default operation attachments and every service endpoint URL that has at least one operation with a policy set attached.

Each endpoint has four operations: issue, cancel, renew, and validate. Each of the operations for all other endpoints inherits the trust service default policy set and binding.

When the URL in the trust service attachment does not match the URL to which the trust service request is sent, the policy set that is defined in the attachment is not applied. Instead, IBM® WebSphere® Application Server uses the policy set that is attached to the default for the trust operation.

Data type: String
Default: Trust Service Default

Policy set

Displays the attached or inherited policy set for each operation of all endpoint URLs. Any endpoint URL that is not displayed inherits the trust service default policy set for each operation. Provides a list of default and custom system policy sets that are attached to the service endpoint URL.

The policy set names are displayed in this column for each operation. If the policy set is inherited from the trust service default, rather than being explicitly attached, inherited is displayed in parentheses following the policy set name. Because only operations can have a policy set attachment, the Policy Set column for each endpoint URL row displays Not applicable.

Click the system policy set name to view or edit the policy set details information. Note that you can view, but not edit, the default policy sets. Default policy sets cannot be changed.

Data type: String
Defaults: TrustServiceSecurityDefault, TrustServiceSymmetricDefault or SystemWSSecurityDefault

Binding

Displays the binding that is assigned to each policy set attachment for each operation of the listed endpoint URLs. Any endpoint URL that is not displayed inherits the trust service default binding for each of the four operations.

The name of the assigned binding for each policy set attachment is displayed in this column for each operation. If the attachment is inherited from the trust service default, inherited is displayed in parentheses following the binding name. If you select Assign Binding > Default, the system default binding is applied to the policy set attachment, and the word Default is displayed in this column. If the system default binding is inherited, then inherited is displayed in parentheses following Default.

The system default binding is also assigned when you attach a new policy set to an operation. Because only operations can have policy set attachments, the binding column for each endpoint URL row displays Not applicable. Rows that are not directly related to a token and display the trust service default, display the text, Not applicable, for the binding. Additionally, rows that are not directly related to a token and display only the service endpoint URL display the text, Not applicable, for the binding.

Click the trust service specific binding name to view or edit the binding information. You can view, but not edit, the TrustServiceSecurityDefault, TrustServiceSymmetricDefault or SystemWSSecurityDefault bindings.

Data type: String
Default: TrustServiceSecurityDefault, TrustServiceSymmetricDefault or SystemWSSecurityDefault



Related tasks
Creating a service endpoint attachment using the administrative console
Deleting application-specific bindings from your configuration using wsadmin scripting
Configuring attachments for the trust service using the administrative console
Related reference
Trust service attachments settings
New general binding settings
Administrative roles
Reference topic    

Terms of Use | Feedback

Last updated: Oct 21, 2010 5:30:17 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-iseries&topic=uwbs_confwstrustpsattach
File name: uwbs_confwstrustpsattach.html