Configuring trust service endpoint targets using the administrative console

The Trust Service manages tokens on behalf of service endpoints. A token provider is either explicitly or implicitly associated with each service endpoint. A specific token can be explicitly assigned to be issued when access to an endpoint is requested. Otherwise, the Trust Service Default token is issued.

Before you begin

The Web Services Secure Conversation specification defines the protocol for a client to establish a secure session with a target service. The security token service that WebSphere® Application Server provides, referred to as the trust service, issues only the Security Context Token (SCT). The security context token is used for Web Services Secure Conversation (WS-SecureConversation).

About this task

This task describes how to create new or manage existing assignments of tokens to be issued for endpoint targets. You can create explicit assignments for new service endpoints (targets) or manage existing token assignments.

To complete the configuration for the trust service, you must have performed the following tasks:
  • Manage the security context token provider.
  • Create or manage service endpoint URLs that you want to attach to the policy set and binding.
The order in which you complete these tasks is not important.

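Depending on the security roles that are assigned when security is enabled, you might have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the application server.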

Procedure

  1. To configure new and existing trust service endpoint targets, click Services > Trust service > Targets. A list of all service endpoints that have a security token provider explicitly defined is displayed. By default, the token provider that is assigned to the Trust Service Default handles requests to issue tokens to access an endpoint.
  2. Click one of the following actions to manage a new or existing endpoint target configuration:
    New Assignment
    Opens a new panel where you can specify a custom service endpoint URL and explicitly assign the token provider, which is specified as the Trust Service Default, to be issued for access to the endpoint.
    Change Token
    Changes an explicitly assigned token to be issued for the service endpoint to the security context token. Select an endpoint and then click Change Token. Select the Security Context Token.

    Change Token also removes the explicit assignment of a token to be issued, so that the token that is issued is inherited from the Trust Service Default. Select an endpoint and then click Change Token. Click Inherit Default to remove the token provider assignment for the selected endpoint and to return the issued token to the token that is specified as the Trust Service Default. If the token that is issued is inherited, the endpoint is no longer displayed in the list because the token provider is no longer explicitly assigned to the endpoint.

  3. Click the token name link for an existing endpoint target to modify the token provider configuration information. You can modify the token type schema URI, or change custom properties.
  4. Save your changes before applying the changes to the Web Services Security runtime configuration.
  5. Click Update Runtime to update the Web Services Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window is displayed depends on whether you select the Show confirmation for update runtime command check box. Expand Preferences to view the check box.
  6. Optional: Confirm or click Cancel when the confirmation window appears. If you deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.

Results

When you complete these steps, the service endpoint URL displays in the Targets collection, unless you changed the token to inherit the default value. You can also configure the trust service to issue tokens for individual endpoint targets using the wsadmin tool. The wsadmin tool examples are written in the Jython scripting language.

What to do next

You have completed the required steps to create or manage existing trust service targets, to assign the security token provider to an endpoint target, and to update the Web Services Security runtime configuration. Next, if you have not completed these tasks already, configure the security context token provider or configure attachments to the policy set and binding to complete the trust service configuration.


Last updated: July 9, 2016 11:17
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=twbs_confwstrusttargets
File name: twbs_confwstrusttargets.html