Use the setPolicyType and setBinding commands for the AdminTask object to specify security tokens for custom policy and binding configurations.
Create a new custom policy set.
The following scenarios configure the custom policy and bindings to use a Kerberos token based on the OASIS Kerberos Token Profile V1.1 specification. You can also use the setPolicyType and setBinding commands to configure other binary security tokens, such as username tokens, Lightweight Third-Party Authentication (LTPA) and SecureConversation.
AdminTask.getPolicyType('-policySet AuthenticationTokenService -policyType WSSecurity')
'[ [SupportingTokens.request:krb_token.CustomToken.IncludeToken
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient] [enabled true] [type WSSecurity]
[description [Policies for sending security tokens and providing message confidentiality and integrity, based on the OASIS Web
Service Security and Token Profiles specifications.]] [SupportingTokens.request:krb_token.CustomToken.WssCustomToken.uri ]
[provides ] [SupportingTokens.request:krb_token.CustomToken.WssCustomToken.localname
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ] ]'
AdminTask.setPolicyType('-policySet AuthenticationTokenService -policyType WSSecurity -attributes "[ [SupportingTokens.request:krb_token.CustomToken.IncludeToken http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient] [enabled true] [type WSSecurity] [description [Policies for sending security tokens and providing message confidentiality and integrity, based on the OASIS Web Services Security and Token Profiles specifications.]] [SupportingTokens.request:krb_token.CustomToken.WssCustomToken.uri []] [provides []] [SupportingTokens.request:krb_token.CustomToken.WssCustomToken.localname http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ] ]"')
AdminTask.getBinding('-policyType WSSecurity -bindingLocation "" -bindingName AuthenticationTokenService')
'[ [application.securityinboundbindingconfig.tokenconsumer_0.properties_0.name
com.ibm.wsspi.wssecurity.krbtoken.serviceSPN] [application.securityinboundbindingconfig.tokenconsumer_0.valuetype.localname
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ]
[application.securityinboundbindingconfig.tokenconsumer_0.valuetype.uri ]
[application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.classname
com.ibm.websphere.wssecurity.callbackhandler.KRBTokenConsumeCallbackHandler] [application.name
application][application.securityinboundbindingconfig.tokenconsumer_0.properties_0.value HTTP/derekho1.firehorse.austin.ibm.com]
[application.securityinboundbindingconfig.tokenconsumer_0.jaasconfig.configname system.wss.consume.KRB5BST]
[application.securityinboundbindingconfig.tokenconsumer_0.name
con_krbtoken][application.securityinboundbindingconfig.tokenconsumer_0.classname
com.ibm.ws.wssecurity.wssapi.token.impl.CommonTokenConsumer]
[application.securityinboundbindingconfig.tokenconsumer_0.securitytokenreference.reference request:krb_token] ]'
AdminTask.setBinding('-policyType WSSecurity -bindingLocation "" -bindingName AuthenticationTokenService -attributes "[ [application.securityinboundbindingconfig.tokenconsumer_0.properties_0.name com.ibm.wsspi.wssecurity.krbtoken.serviceSPN] [application.securityinboundbindingconfig.tokenconsumer_0.valuetype.localname http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ] [application.securityinboundbindingconfig.tokenconsumer_0.valuetype.uri []] [application.securityinboundbindingconfig.tokenconsumer_0.callbackhandler.classname com.ibm.websphere.wssecurity.callbackhandler.KRBTokenConsumeCallbackHandler] [application.name application][application.securityinboundbindingconfig.tokenconsumer_0.properties_0.value HTTP/derekho1.firehorse.austin.ibm.com] [application.securityinboundbindingconfig.tokenconsumer_0.jaasconfig.configname system.wss.consume.KRB5BST][application.securityinboundbindingconfig.tokenconsumer_0.name con_krbtoken][application.securityinboundbindingconfig.tokenconsumer_0.classname com.ibm.ws.wssecurity.wssapi.token.impl.CommonTokenConsumer] [application.securityinboundbindingconfig.tokenconsumer_0.securitytokenreference.reference request:krb_token] ]"')
If the setPolicyType and setBinding commands return a 'true' value, the system successfully updated the policy and binding configurations.
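After setBinding returns 'true', reading the binding back with getBinding shows which value type, service SPN, callback handler and JAAS configuration the token consumer actually holds. The following is an added example, not IBM's code: plain Python run outside wsadmin on captured output. The names parse_attributes, mismatches, EXPECTED and SAMPLE are chosen here, and SAMPLE abridges the getBinding output shown above.

```python
KRB_AP_REQ = ("http://docs.oasis-open.org/wss/"
              "oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ")
PREFIX = "application.securityinboundbindingconfig.tokenconsumer_0."
# Added example, not IBM's code. Values setBinding should leave in place.
EXPECTED = {
    PREFIX + "valuetype.localname": KRB_AP_REQ,
    PREFIX + "callbackhandler.classname":
        "com.ibm.websphere.wssecurity.callbackhandler.KRBTokenConsumeCallbackHandler",
    PREFIX + "properties_0.name": "com.ibm.wsspi.wssecurity.krbtoken.serviceSPN",
    PREFIX + "properties_0.value": "HTTP/derekho1.firehorse.austin.ibm.com",
    PREFIX + "jaasconfig.configname": "system.wss.consume.KRB5BST",
}
# The page's getBinding output, abridged; "@" stands for PREFIX, wraps kept.
SAMPLE = """'[ [@properties_0.name
com.ibm.wsspi.wssecurity.krbtoken.serviceSPN] [@valuetype.localname
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ]
[@valuetype.uri ]
[@callbackhandler.classname
com.ibm.websphere.wssecurity.callbackhandler.KRBTokenConsumeCallbackHandler] [application.name
application][@properties_0.value HTTP/derekho1.firehorse.austin.ibm.com]
[@jaasconfig.configname system.wss.consume.KRB5BST] ]'""".replace("@", PREFIX)

def parse_attributes(text):
    """Parse '[ [name value] [name [nested value]] [name ] ]' into a dict."""
    text = text.strip().strip("'\"")
    entries, depth, start = {}, 0, 0
    for i, ch in enumerate(text):
        if ch == "[":
            depth += 1
            if depth == 2:
                start = i + 1              # first character inside an entry
        elif ch == "]":
            if depth == 2:                 # entry closed: split name and value
                parts = text[start:i].split(None, 1) + ["", ""]
                name, value = parts[0], parts[1].strip()
                if value.startswith("[") and value.endswith("]"):
                    value = value[1:-1].strip()   # unwrap [multi word value]
                if name:
                    entries[name] = value
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced brackets")
    if depth != 0:
        raise ValueError("unbalanced brackets")
    return entries

def mismatches(actual, expected):
    """Return sorted (name, expected, actual) for every value that differs."""
    return sorted((k, v, actual.get(k)) for k, v in expected.items()
                  if actual.get(k) != v)
```

An empty list from mismatches(parse_attributes(output), EXPECTED) means the binding read back matches the intended Kerberos consumer settings; any tuple names the attribute that differs.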