You can associate a security token provider with a service endpoint using the administrative console. After you enter the service endpoint URL, the token provider configured as the Trust Service Default is explicitly associated with the service endpoint.
Before you begin
The Web Services Secure Conversation specification defines the protocol for a client to establish a secure session with a target service. The security token service that WebSphere® Application Server provides, referred to as the trust service, issues the Security Context Token (SCT). The security context token is required for Web Services Secure Conversation (WS-SecureConversation).
About this task
This task describes how to register a service endpoint (target) with the trust service. Registration of a service endpoint with the trust service initially associates the token provider configured as the Trust Service Default with that service endpoint.
To complete the configuration for the trust service, you must have completed the following tasks:
- Manage the Security Context Token.
- Create or manage service endpoint URLs that you want to attach to the policy set and binding.
The order in which you complete these tasks is not important.
Procedure
- To configure a custom endpoint target, click Services > Trust service > Targets > New Assignment.
- At the New assignment panel, enter the Universal Resource Locator (URL) for the service endpoint, and click Assign. You are returned to the Targets panel where the custom service endpoint URL is displayed in the list. Initially, the token that is explicitly assigned to the custom endpoint is the token that is assigned as the Trust Service Default.
- At the Targets panel, select the check box for a service endpoint, click Change Token, and select one of the following:
  - Security Context Token (SCT). A security context token is defined by the WS-SecureConversation specification.
  - Inherit Default if you want the token that is issued to be the token assigned as the Trust Service Default. The endpoint is not displayed in the list when the assignment is inherited because the token is no longer explicitly assigned to the endpoint.
- At the Targets panel, click the token name link for an existing endpoint target to modify the token provider configuration information.
- Save your changes before applying the changes to the Web Services Security runtime configuration.
- Click Update Runtime to update the Web Services Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window is displayed depends on whether you select the Show confirmation for update runtime command check box. Expand Preferences to view the check box.
- Optional: Confirm or click Cancel when the confirmation window appears. If you deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.
Results
When you complete these steps, service endpoints explicitly associated with a token provider are displayed in the Targets collection. Service endpoints that have been changed to inherit the token provider configured as the Trust Service Default are not displayed. You can also configure the security token service to issue a specific token for access to a target using the wsadmin tool. The wsadmin tool examples are written in the Jython scripting language.
What to do next
You have completed the required steps to create a service endpoint URL, to assign the token to be issued for access to the target, and to update the Web Services Security runtime configuration. Next, if you have not completed these tasks already, configure the Security Context Token provider or configure attachments to the policy set and binding to complete the trust service configuration.