The Trust Service manages tokens on behalf of service endpoints. A token provider is either explicitly or implicitly associated with each service endpoint. A specific token can be explicitly assigned to be issued when access to an endpoint is requested. Otherwise, the Trust Service Default token is issued.
Before you begin
The Web Services Secure Conversation specification defines the protocol for a client to establish a secure session with a target service. The security token service that WebSphere® Application Server provides, referred to as the trust service, issues only the Security Context Token (SCT). The security context token is used for Web Services Secure Conversation (WS-SecureConversation).
About this task
This task describes how to create new or manage existing assignments of tokens to be issued for endpoint targets. You can create explicit assignments for new service endpoints (targets) or manage existing token assignments. To complete the configuration for the trust service, you must have performed the following tasks:
- Manage the security context token provider.
- Create or manage service endpoint URLs that you want to attach to the policy set and binding.
The order in which you complete these tasks is not important.
Depending on your assigned security role when security is enabled, you might not have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the application server.
Procedure
- To configure new and existing trust service endpoint targets, click Services > Trust service > Targets. A list of all service endpoints that have a security token provider explicitly defined is displayed. The token provider assigned to the Trust Service Default by default handles requests to issue tokens to access an endpoint.
- Click one of the following actions to manage a new or existing endpoint target configuration:
  - New Assignment
    Opens a new panel where you can specify a custom service endpoint URL and explicitly assign the token provider, which is specified as the Trust Service Default, to be issued for access to the endpoint.
  - Change Token
    Changes an explicitly assigned token to be issued for the service endpoint to the security context token. Select an endpoint and then click Change Token. Select the Security Context Token.
    Also removes the explicit assignment of a token to be issued; therefore, the token that is issued is inherited from the Trust Service Default. Select an endpoint and then click Change Token. Click Inherit Default to remove a token provider assignment for the selected endpoint and to return the issued token to be the token that is specified as the Trust Service Default. If the token that is issued is inherited, the endpoint is no longer displayed in the list because the token provider is no longer explicitly assigned to the endpoint.
- Click the token name link for an existing endpoint target to modify the token provider configuration information. You can modify the token type schema URI, or change custom properties.
- Save your changes before applying the changes to the Web Services Security runtime configuration.
- Click Update Runtime to update the Web Services Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window is displayed depends on whether you select the Show confirmation for update runtime command check box. Expand Preferences to view the check box.
- Optional: Confirm or click Cancel when the confirmation window appears. If you deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.
Results
When you complete these steps, the service endpoint URL displays in the Targets collection, unless you changed the token to inherit the default value. You can also configure the trust service to issue tokens for individual endpoint targets using the wsadmin tool. The wsadmin tool examples are written in the Jython scripting language.
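The same assign, inherit-default and Update Runtime steps as a wsadmin Jython script. This is an added example, not a script from the product documentation: the command names are taken from the STSManagement command group of the AdminTask object and their parameter names, the endpoint URL and the script file name are assumptions to verify against your WebSphere version before use.

```jython
# wsadmin Jython script (added example; assumed to be run as
#   wsadmin.sh -lang jython -f manage_sct_target.py).
# Command and parameter names are assumed from the STSManagement
# command group; the endpoint URL is a constructed placeholder.

endpoint = 'http://example.invalid/SampleService/services/Sample'  # placeholder
tokenName = 'Security Context Token'   # the only token the trust service issues

def assignedEndpoints():
    # Endpoints with an explicitly assigned token provider, i.e. the
    # same collection the Targets panel displays.
    return [str(e) for e in AdminTask.listSTSAssignedEndpoints()]

def explicitlyAssign(uri, localName):
    # Equivalent of New Assignment / Change Token > Security Context Token.
    AdminTask.assignSTSEndpointTokenType(
        '[-endpointURI %s -LocalName "%s"]' % (uri, localName))

def inheritDefault(uri):
    # Equivalent of Change Token > Inherit Default: drop the explicit
    # assignment so the endpoint falls back to the Trust Service Default
    # and no longer appears in the Targets list.
    AdminTask.unassignSTSEndpointTokenType('[-endpointURI %s]' % uri)

def commit():
    # Save the configuration, then push it to the Web Services Security
    # runtime (the Update Runtime button); refreshSTS is assumed to be
    # the scripting equivalent.
    AdminConfig.save()
    AdminTask.refreshSTS()

print 'Trust Service Default token:', AdminTask.querySTSDefaultTokenType()

explicitlyAssign(endpoint, tokenName)
commit()
if endpoint not in assignedEndpoints():
    raise RuntimeError('explicit assignment for %s was not recorded' % endpoint)

inheritDefault(endpoint)
commit()
if endpoint in assignedEndpoints():
    raise RuntimeError('%s still has an explicit token assignment' % endpoint)
```

The two checks after each commit mirror what the Targets panel shows: an endpoint is listed only while a token provider is explicitly assigned to it.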
What to do next
You have completed the required steps to create or manage existing trust service targets, to assign the security token provider to an endpoint target, and to update the Web Services Security runtime configuration. Next, if you have not completed these tasks already, configure the security context token provider or configure attachments to the policy set and binding to complete the trust service configuration.