Use the wsadmin tool to configure and manage trust association
configurations in a multiple security domain environment. Trust association
enables the integration of application server security with third-party
security servers. More specifically, a reverse proxy server can act
as a front-end authentication server while the product applies its
own authorization policy to the resulting credentials that are passed
by the proxy server.
Before you begin
You must meet the following requirements before configuring
a trust association:
- You must have the administrator or new admin role.
- Enable global security in your environment.
- Configure multiple realms using security domains in your environment.
Procedure
- Launch the wsadmin scripting tool using the Jython scripting
language. See the Starting the wsadmin scripting client article for
more information.
- Configure a trust association.
Use the configureTrustAssociation command to enable the trust association. You can also use this command to create or modify a trust association interceptor.
The following Jython command creates a trust association for the testDomain security domain and configures the trust association to act as a reverse proxy server:
AdminTask.configureTrustAssociation('-securityDomainName testDomain -enable true')
- Configure the trust association interceptor.
Use the configureInterceptor command to modify an existing interceptor.
The following Jython command uses a WebSEAL interceptor to configure single sign-on for the testDomain security domain:
AdminTask.configureInterceptor('[-interceptor com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus -securityDomainName testDomain -customProperties ["com.ibm.websphere.security.trustassociation.types=webseal","com.ibm.websphere.security.webseal.loginId=websealLoginID","com.ibm.websphere.security.webseal.id=iv-user"]]')
- Save your configuration changes.
Use the following command example to save your configuration changes:
AdminConfig.save()
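The steps above can be combined into one script that validates its inputs before any change is made. This is an added example, not IBM's code: the helper names, the rule that the three WebSEAL properties from the command above must be present, and the conservative character filter are assumptions; AdminTask and AdminConfig exist only inside wsadmin.

```python
# Added example. REQUIRED_PROPS, check_token, build_* and
# apply_trust_association are hypothetical helpers, not wsadmin APIs.
INTERCEPTOR = "com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus"
PREFIX = "com.ibm.websphere.security."
# Properties set by the WebSEAL command on this page; treated here as mandatory.
REQUIRED_PROPS = [PREFIX + "trustassociation.types",
                  PREFIX + "webseal.loginId",
                  PREFIX + "webseal.id"]
# Assumption: reject anything that could end the quoting or the list early.
UNSAFE = " \t\r\n\"'[]"


def check_token(text):
    """Return text unchanged, or raise if it is empty or breaks the syntax."""
    if not text:
        raise ValueError("empty value")
    for ch in UNSAFE:
        if ch in text:
            raise ValueError("unsafe character %r in %r" % (ch, text))
    return text


def build_trust_association_args(domain):
    """Argument string for AdminTask.configureTrustAssociation."""
    return "-securityDomainName %s -enable true" % check_token(domain)


def build_interceptor_args(domain, props):
    """Argument string for configureInterceptor; props is a list of pairs."""
    names = [name for name, value in props]
    for required in REQUIRED_PROPS:
        if required not in names:
            raise ValueError("missing custom property " + required)
    quoted = ['"%s=%s"' % (check_token(n), check_token(v)) for n, v in props]
    return "[-interceptor %s -securityDomainName %s -customProperties [%s]]" % (
        INTERCEPTOR, check_token(domain), ",".join(quoted))


def apply_trust_association(domain, props):
    """Run the procedure's commands; call this only from inside wsadmin."""
    ta_args = build_trust_association_args(domain)
    ti_args = build_interceptor_args(domain, props)  # validate before changing
    AdminTask.configureTrustAssociation(ta_args)
    AdminTask.configureInterceptor(ti_args)
    AdminConfig.save()
```

Because both argument strings are built before the first AdminTask call, a missing or malformed property stops the script without leaving the trust association enabled with no interceptor configured.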