You can configure a generic security token login module for an authentication token on the token consumer side of the Web Services Security provider.
When a web service message is received, the Web Services Security runtime calls the generic security token login module for the token consumer as part of the authentication process. The login module delegates the token validation process to the WS-Trust service using WS-Trust Validate. The WS-Trust service processes the request and returns a RequestSecurityTokenResponse message to the login module, which might contain a new security token or validation status code only. The returned token from WS-Trust service or the original received token is the caller token if the caller token is required.
For illustration purposes, it is assumed that policy sets and bindings are configured and attached to an application. For example, you can use the SAML11 Bearer WSSecurity default policy set and SAML Bearer Provider sample binding. For more information, see the topic about configuring client and provider bindings for the SAML bearer token.
Complete the following steps to configure the generic login module on the token consumer side using the administrative console:
When you complete this task, you have configured a generic login module for the token consumer.