Managing self-issue SAML token configuration using wsadmin commands
The SAMLIssuerConfig.properties file usage is deprecated in WebSphere® Application Server Version 8. You can use the listSAMLIssuerConfig and updateSAMLIssuerConfig wsadmin command tasks to read and modify the SAMLIssuerConfig.properties cell level and server level configuration files. Starting with WebSphere Application Server Version 8, you should use the administrative console or the setSAMLIssuerConfigInBinding command task to specify a self-issued SAML token's configuration as custom properties in the requester's outbound configuration in the general bindings or in the application-specific bindings. Do not use server level and cell level SAMLIssuerConfig.properties file.
开始之前
The product provides an alternate way to specify a self-issued SAML token configuration in policy set bindings. Migrate self-issued SAML token configuration data from the SAMLIssuerConfig.properties file to the bindings. Specifying configuration data for creating self-issued SAML tokens in general bindings or application-specific bindings provides management flexibility to specify the configuration at a finer grained scope, in addition to the cell level and the server level. For example you can configure a specific SAML token issuer for a particular web service application, for an arbitrary group of applications, or for a web service application in a security domain.

关于此任务
Two command tasks are available to manage the SAMLIssuerConfig.properties file-based SAML issuer configuration. This file can be located at the cell level and the server level. These two tasks are:
- listSAMLIssuerConfig
- updateSAMLIssuerConfig
过程
结果
现在,您已创建了用于自动更新单元级别或服务器级别 SAMLIssuerConfig.properties 文件的命令脚本,或者在常规绑定或特定于应用程序绑定中的请求者出站配置内将自签发 SAML 令牌的配置数据创建为定制属性。
示例
AdminTask.setSAMLIssuerConfigInBinding('[-bindingName SAMLTestAppClientBinding
-bindingLocation [ [application JaxWSServicesSamples] [attachmentId 1904] ]
-com.ibm.wsspi.wssecurity.saml.config.issuer.IssuerURI My_Issuer
-com.ibm.wsspi.wssecurity.saml.config.issuer.TimeToLiveMilliseconds 3600000
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyStoreRef "name=myKeyStore managementScope=(cell):Node01Cell:(node):Node01 "
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyAlias samlissuer
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyName "CN=SAMLIssuer, O=Acme,C=US"
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyPassword *****
-com.ibm.wsspi.wssecurity.saml.config.issuer.TrustStoreRef "name=myKeyStore managementScope=(cell):Node01Cell:(node):Node01 "]')
AdminTask.setSAMLIssuerConfigInBinding('[-bindingName "Saml Bearer Client sample"
-bindingScope domain -bindingLocation -domainName global
-com.ibm.wsspi.wssecurity.saml.config.issuer.IssuerURI My_Issuer
-com.ibm.wsspi.wssecurity.saml.config.issuer.TimeToLiveMilliseconds 3600000
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyStorePath "profile_root/etc/ws-security/saml/saml-issuer.jceks
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyStoreType jceks
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyStorePassword *****
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyAlias samlissuer
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyName "CN=SAMLIssuer, O=Acme, C=US"
-com.ibm.wsspi.wssecurity.saml.config.issuer.KeyPassword *****
-com.ibm.wsspi.wssecurity.saml.config.issuer.TrustStorePath "profile_root/profiles/<server_name>/etc/ws-security/saml/saml-issuer.jceks
-com.ibm.wsspi.wssecurity.saml.config.issuer.TrustStoreType jceks
-com.ibm.wsspi.wssecurity.saml.config.issuer.TrustStorePassword *****]')
当指定应用程序绑定时,bindingLocation 是必需参数且可以作为属性对象进行提供。属性名为 application 和 attachmentId。当指定常规绑定时,bindingLocation 是必需参数,该参数可以是空值或具有空属性。此外,如果范围不是全局,那么 bindingScope 是必需参数。请使用 bindingName 参数来识别绑定位置。有关 bindingLocation、bindingScope 和 domainName 的更多信息,请参阅 setBinding 或 getBinding 命令任务文档。
要从绑定中移除 SAML 发布者配置定制属性,请使用管理控制台或 setBinding 命令任务。