The Trust Service manages tokens on behalf of service endpoints.
A token provider is either explicitly or implicitly associated with
each service endpoint. A specific token can be explicitly assigned
to be issued when access to an endpoint is requested. Otherwise, the
Trust Service Default token is issued.
Before you begin
The Web Services Secure Conversation specification defines
the protocol for a client to establish a secure session with a target
service. The security token service that WebSphere® Application
Server provides, referred to as the trust service, issues only the
Security Context Token (SCT). The security context token is used for
Web Services Secure Conversation (WS-SecureConversation).
About this task
This task describes how to create new or manage existing
assignments of tokens to be issued for endpoint targets. You can create
explicit assignments for new service endpoints (targets) or manage
existing token assignments.
To complete the configuration for
the trust service, you must have performed the following tasks:
- Manage the security context token provider.
- Create or manage service endpoint URLs that you want to attach
to the policy set and binding.
The order in which you complete these tasks is not important.
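Depending on the security roles that you were assigned when security was enabled, you might have access to the text entry fields or buttons for creating or editing configuration data.
Review the administrative roles documentation to learn more about the valid roles for the application server.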
Procedure
- To configure new and existing trust service endpoint targets,
click Services > Trust service > Targets. A
list of all service endpoints that have a security token provider
explicitly defined is displayed. By default, the token provider that is
assigned to the Trust Service Default handles requests to issue tokens
for access to an endpoint.
- Click one of the following actions to manage a new or existing
endpoint target configuration:
- New Assignment
- Opens a new panel where you can specify a custom service endpoint
URL and explicitly assign the token provider, which is specified as
the Trust Service Default, to be issued for access to the endpoint.
- Change Token
- Changes an explicitly assigned token to be issued for the service
endpoint to the security context token. Select an endpoint and then
click Change Token. Select the Security Context Token.
Change Token also removes the explicit assignment of a token to be issued, so that
the token that is issued is inherited from the Trust Service Default.
Select an endpoint and then click Change Token. Click Inherit
Default to remove a token provider assignment for the selected
endpoint and to return the issued token to be the token that is specified
as the Trust Service Default. If the token that is issued is inherited,
the endpoint is no longer displayed in the list because the token
provider is no longer explicitly assigned to the endpoint.
- Click the token name link for an existing endpoint target
to modify the token provider configuration information. You
can modify the token type schema URI, or change custom properties.
- Save your changes before applying the changes to the Web
Services Security runtime configuration.
- Click Update Runtime to update the Web Services
Security runtime configuration with any data changes for token providers,
trust service attachments, and targets. Whether the confirmation
window is displayed depends on whether you select the Show confirmation
for update runtime command check box. Expand Preferences to
view the check box.
- Optional: Confirm or click Cancel when
the confirmation window appears. If you deselected the Show
confirmation for update runtime command check box, all changes
are made immediately without displaying the confirmation window.
Results
When you complete these steps, the service endpoint URL displays
in the Targets collection, unless you changed the token to inherit
the default value. You can also configure the trust service to issue
tokens for individual endpoint targets using the wsadmin tool. The
wsadmin tool examples are written in the Jython scripting language.
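The console procedure above, scripted for wsadmin as an added example (not IBM's code). It assumes that the AdminTask STSManagement commands and the -LocalName parameter behave as used here and that listSTSAssignedEndpoints returns one endpoint URL per line; the endpoint URLs are constructed placeholders.

```python
# Added example for wsadmin -lang jython; not IBM's code.
# Assumptions: the AdminTask STSManagement commands and the -LocalName
# parameter behave as used here, and listSTSAssignedEndpoints returns one
# endpoint URL per line. Check both against the wsadmin command reference.

# Constructed sample: (endpoint URL, token local name or None to inherit).
CHANGES = [
    ("https://host.example.com/services/Orders", "Security Context Token"),
    ("https://host.example.com/services/Legacy", None),
]

def assigned_endpoints(admin_task):
    """Endpoints with an explicit assignment (the Targets collection)."""
    out = admin_task.listSTSAssignedEndpoints() or ""
    return [ln.strip() for ln in out.splitlines() if ln.strip()]

def set_token(admin_task, endpoint, local_name):
    """New Assignment or Change Token: explicitly assign a token."""
    args = '[-LocalName "%s"]' % local_name
    if endpoint in assigned_endpoints(admin_task):
        admin_task.updateSTSEndpointTokenType(endpoint, args)
    else:
        admin_task.assignSTSEndpointTokenType(endpoint, args)

def inherit_default(admin_task, endpoint):
    """Inherit Default: remove the explicit assignment if one exists."""
    if endpoint in assigned_endpoints(admin_task):
        admin_task.unassignSTSEndpointTokenType(endpoint)

def apply_changes(admin_task, admin_config, changes):
    """Apply changes, save, update the runtime; return the endpoints
    that did not end up in the expected state."""
    for endpoint, local_name in changes:
        if local_name is None:
            inherit_default(admin_task, endpoint)
        else:
            set_token(admin_task, endpoint, local_name)
    admin_config.save()       # save before updating the runtime
    admin_task.refreshSTS()   # console equivalent: Update Runtime
    now = assigned_endpoints(admin_task)
    return [e for e, n in changes if (n is not None) != (e in now)]

try:
    AdminTask, AdminConfig    # these objects exist only inside wsadmin
except NameError:
    pass
else:
    print("unexpected state: %s" % apply_changes(AdminTask, AdminConfig, CHANGES))
```

An empty result means every endpoint in CHANGES is either listed with an explicit assignment or absent from the list because it inherits the Trust Service Default.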
What to do next
You have completed the required steps to create or manage
existing trust service targets, to assign the security token provider
to an endpoint target, and to update the Web Services Security runtime
configuration. Next, if you have not completed these tasks already,
configure the security context token provider or configure attachments
to the policy set and binding to complete the trust service configuration.