WebSphere® Application Server provides a pre-configured token, the Security Context Token (SCT). Use the administrative console to modify the configuration of the security context token provider.
Before you begin
WebSphere Application Server provides a trust service. The trust service provides both a security token service and additional WebSphere Application Server trust-related functionality.
To configure the trust service, in addition to managing the security context token provider, you must first complete the following tasks:
- Create or manage supported targets. You can create explicit assignments for new service endpoints (targets) or manage endpoints that have a security token provider explicitly assigned or that inherit the token provider designated as the Trust Service default.
- Create or manage the attachment of token operations for service endpoints to policy sets and bindings.
The order in which you complete these tasks is not important.
About this task
This task describes how to configure the security context token provider and how to define the token provider properties.
Procedure
- To configure the security context token provider, click Services > Trust services > Token providers.
- To change the configuration of the security context token provider, click the link for the token provider name (Security Context Token). For an existing token, the token name, class name and URI are displayed, but are not editable.
- Optional: In the Time in cache after expiration field, change the amount of time, in minutes, that an expired token is kept in the cache and can still be renewed. The default value is 120 minutes, and you cannot type a value that is less than 10 minutes.
- Optional: In the Token timeout field, change the amount of time, in minutes, that the issued token is valid. The default value is 120 minutes, and you cannot type a value that is less than 10 minutes.
- Optional: Select the Allow renewal after timeout check box to enable the renewal of a token after the timeout time has expired. If selected, the amount of time within which an expired token can still be renewed is specified in the Time in cache after expiration field.
- Optional: Select the Allow postdated tokens check box to enable postdated tokens. Use postdated tokens to specify whether a client can request a token to become valid at a later time.
- Optional: Select the Support Secure Conversation Token v200502 check box to enable use of the older draft submission specification level of the security context token. The correct URI for this level of the token type schema appears in the field under the check box: http://schemas.xmlsoap.org/ws/2005/02/sc/sct.
- Click New if you want to define a new custom property. Specify additional configuration using the Custom Properties setting. Custom properties are used to set internal system configuration properties. Custom properties are arbitrary name-value pairs of data, where the name might be a property key or a class implementation, and where the value might be a string or Boolean value.
- If defining a new custom property, type a name. For example, for a custom property, type: com.ibm.wsspi.wssecurity.trust.keySize
- If defining a new custom property, type a value. For example, the following value: 128
- Repeat the name and value steps for each new custom property.
- Click OK. You are returned to the Token provider panel.
- Save your changes before applying the changes to the Web Services Security runtime configuration.
- On the Token provider panel, click Update Runtime to update the Web Services Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window is displayed depends on whether you select the Show confirmation for update runtime command check box. Expand Preferences to view the check box.
- Optional: Confirm or click Cancel when the confirmation window appears. If you deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.
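The following sketch is an added example, not IBM code and not part of the original topic. It models how the Token timeout, Time in cache after expiration, Allow renewal after timeout, and Allow postdated tokens settings interact over a token's lifetime, so that the longest window in which an issued token stays usable or renewable can be reviewed before you click Update Runtime. Assumptions: the class and function names are hypothetical, the check-box defaults are chosen for the example, a postdated request is refused when postdating is off, and a token whose age equals a limit is treated as past that limit.

```python
# Added illustration of the timing fields in the procedure above.
# Not IBM code; it does not call any WebSphere or wsadmin API.
from dataclasses import dataclass

MIN_MINUTES = 10        # smallest value the console accepts (from the page)
DEFAULT_MINUTES = 120   # default for both time fields (from the page)


@dataclass
class SctProviderConfig:                             # hypothetical name
    token_timeout: int = DEFAULT_MINUTES             # "Token timeout"
    cache_after_expiration: int = DEFAULT_MINUTES    # "Time in cache after expiration"
    allow_renewal_after_timeout: bool = False        # default assumed for this example
    allow_postdated: bool = False                    # default assumed for this example

    def validate(self):
        """Reject values the console would not let you type."""
        for name in ("token_timeout", "cache_after_expiration"):
            if getattr(self, name) < MIN_MINUTES:
                raise ValueError(f"{name} must be at least {MIN_MINUTES} minutes")


def token_state(cfg, age_minutes):
    """Classify a token by its age in minutes since its requested start time."""
    cfg.validate()
    if age_minutes < 0:
        # Assumption: a later start time is refused unless postdating is enabled.
        return "not-yet-valid" if cfg.allow_postdated else "rejected"
    if age_minutes < cfg.token_timeout:
        return "valid"
    if age_minutes < cfg.token_timeout + cfg.cache_after_expiration:
        # Still cached; renewable only when "Allow renewal after timeout" is selected.
        return "renewable" if cfg.allow_renewal_after_timeout else "expired-cached"
    return "evicted"


def max_usable_age(cfg):
    """Upper bound, in minutes, on the age at which a token is valid or renewable."""
    cfg.validate()
    extra = cfg.cache_after_expiration if cfg.allow_renewal_after_timeout else 0
    return cfg.token_timeout + extra


if __name__ == "__main__":
    cfg = SctProviderConfig(allow_renewal_after_timeout=True)
    for age in (-5, 0, 119, 120, 239, 240):
        print(f"{age:>4} min: {token_state(cfg, age)}")
    print("usable or renewable for up to", max_usable_age(cfg), "minutes")
```

With both time fields left at 120 minutes and renewal after timeout selected, a token stays renewable for up to 240 minutes after it becomes valid, which is the window to weigh when choosing these values.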
Results
You have completed the required steps to modify the configuration of the security context token provider and to update the Web Services Security runtime configuration. You can also modify the configuration of the security context token provider for the trust service using the wsadmin tool. The wsadmin tool examples are written in the Jython scripting language.
What to do next
If you have not done so already, you must also configure targets or configure attachments to complete the trust service configuration.