Use the wsadmin tool, which supports the Jython and Jacl
scripting languages, to administer the trust service. Use this topic
to set internal system configuration properties for your token provider
configuration by adding or removing custom properties.
Before you begin
You must have an existing token provider configured for the
trust service.
About this task
Use custom properties to set internal system configuration
properties and specify these properties using the customProperties
parameter. Custom properties are arbitrary name and value pairs of
data, where the name can be a property key or a class implementation,
and where the value might be a string or Boolean value. Use this topic
and the commands in the STSManagement group for the AdminTask object
to add or remove custom properties from your configuration with the
Jython scripting language.
Procedure
- Add new custom properties to a specific token provider
configuration.
Use the updateSTSTokenTypeConfiguration command
to add or update custom properties to your token provider configuration.
Do not use the updateSTSTokenTypeConfiguration command to remove
custom properties. If you specify the -distributedCache parameter,
the security context token provider generates a warning and modifies
the WS-Security distributed cache configuration. Do not specify a
value for the -distributedCache parameter for custom tokens.
- Launch a scripting command. To learn more, see the information
about starting the wsadmin scripting client.
- Determine the token provider configuration to edit.
Enter the following command to view a list of the names for
each configured token provider:
AdminTask.listSTSConfiguredTokenTypes()
- Review the configured custom properties for the token
provider of interest.
Enter the following command to view a properties object containing
custom configuration data for the Security Context Token token provider:
AdminTask.querySTSTokenTypeConfigurationCustomProperties('Security Context Token')
- Add custom properties to the token provider configuration.
Use the updateSTSTokenTypeConfiguration command to add the
configuration data for the Security Context Token token provider.
Use the following example to add the
com.ibm.ws.security.webChallengeIfCustomSubjectNotFound custom property
with a value of false and the com.ibm.ws.security.defaultLoginConfig
custom property with a value of system.DEFAULT to the configuration:
AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-customProperties [[com.ibm.ws.security.webChallengeIfCustomSubjectNotFound false] [com.ibm.ws.security.defaultLoginConfig system.DEFAULT]] ]')
The command returns a message indicating the success or failure of
the operation.
- Save your configuration changes.
Use the following command to save your changes:
AdminConfig.save()
- Reload the modified configuration changes.
Use the following command to force the trust service to reload your
modified configuration without restarting the application server:
AdminTask.refreshSTS()
- Edit custom properties for a specific token provider configuration.
- View configured custom properties for the token provider
of interest.
Enter the following command to view a properties object containing
custom configuration data for the Security Context Token token provider:
AdminTask.querySTSTokenTypeConfigurationCustomProperties('Security Context Token')
- Modify the configuration data for the token provider
of interest.
Use the updateSTSTokenTypeConfiguration command to modify the existing
configuration data for the Security Context Token token provider. This
example specifies that the Security Context Token token provider
configuration includes the
com.ibm.ws.security.webChallengeIfCustomSubjectNotFound custom property
with a value of false and the com.ibm.ws.security.defaultLoginConfig
custom property with a value of system.DEFAULT. Use the following
command to change the value of the com.ibm.ws.security.defaultLoginConfig
custom property from system.DEFAULT to system.CUSTOM without changing
any other configured custom properties:
AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-customProperties [[com.ibm.ws.security.defaultLoginConfig system.CUSTOM]]]')
The command returns a message indicating the success or failure of
the operation.
- Save your configuration changes.
Use the following command to save your changes:
AdminConfig.save()
- Reload the modified configuration changes.
Use the following command to force the trust service to reload your
modified configuration without restarting the application server:
AdminTask.refreshSTS()
- Remove custom properties from token provider configurations.
- View configured custom properties for the token provider
of interest.
Enter the following command to view a properties object containing
custom configuration data for the Security Context Token token provider:
AdminTask.querySTSTokenTypeConfigurationCustomProperties('Security Context Token')
- Delete the custom property from the token provider configuration.
Use the deleteSTSTokenTypeConfigurationCustomProperties command to
delete custom properties from your configuration. Specify the names
of the custom properties to remove using the propertyNames parameter.
If the specified name does not exist in the configuration, no
configuration changes are made. The following command removes the
com.ibm.ws.security.webChallengeIfCustomSubjectNotFound and
com.ibm.ws.security.defaultLoginConfig custom properties from the
Security Context Token token provider configuration:
AdminTask.deleteSTSTokenTypeConfigurationCustomProperties('Security Context Token', '[-propertyNames com.ibm.ws.security.webChallengeIfCustomSubjectNotFound com.ibm.ws.security.defaultLoginConfig]')
The command returns a message indicating the success or failure of
the operation.
- Save your configuration changes.
Use the following command to save your changes:
AdminConfig.save()
- Reload the modified configuration changes.
Use the following command to force the trust service to reload your
modified configuration without restarting the service:
AdminTask.refreshSTS()
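
The add, edit and remove procedures above, combined into one Jython helper as an added example (not IBM's code): it builds the -customProperties and -propertyNames arguments from Python values, rejects names or values that would break the bracketed list syntax, and saves and reloads only if every command succeeds. The function names and the strict character check are assumptions of this example, and it discards unsaved changes with AdminConfig.reset() when a command raises.

```python
import re

# Whitespace, brackets and quotes would change how wsadmin parses the list.
UNSAFE = re.compile(r'[\s\[\]"\']')

def check_token(token):
    """Return token unchanged, or raise if it could break the list syntax."""
    if not token or UNSAFE.search(token):
        raise ValueError('unsafe token for wsadmin list syntax: %r' % (token,))
    return token

def build_update_args(props):
    """{'name': 'value'} -> '[-customProperties [[name value] ...]]'.
    Values must be strings; pass Booleans as 'true' or 'false'."""
    names = list(props.keys())
    names.sort()
    pairs = ['[%s %s]' % (check_token(n), check_token(props[n])) for n in names]
    return '[-customProperties [%s]]' % ' '.join(pairs)

def build_delete_args(names):
    """['a', 'b'] -> '[-propertyNames a b]'."""
    return '[-propertyNames %s]' % ' '.join([check_token(n) for n in names])

def apply_change(admin_task, admin_config, token_type, props=None, remove=None):
    """Update and/or delete custom properties, then save and reload.
    admin_task and admin_config are wsadmin's AdminTask and AdminConfig.
    Returns the messages the commands returned."""
    messages = []
    try:
        if props:
            messages.append(admin_task.updateSTSTokenTypeConfiguration(
                token_type, build_update_args(props)))
        if remove:
            messages.append(
                admin_task.deleteSTSTokenTypeConfigurationCustomProperties(
                    token_type, build_delete_args(remove)))
    except:  # bare except also catches Java exceptions under Jython
        admin_config.reset()  # discard the unsaved workspace changes
        raise
    admin_config.save()
    admin_task.refreshSTS()
    return messages
```

Inside a wsadmin session, call it as apply_change(AdminTask, AdminConfig, 'Security Context Token', props={'com.ibm.ws.security.defaultLoginConfig': 'system.CUSTOM'}).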