Before you begin
Prior to completing this task, you must import your application into an assembly tool. For information on how to import your application, see Importing enterprise applications.
Why and when to perform this task
The caller is used to identify the token. The run time for Web services security uses this token identity to create the security credential and principal for WebSphere Application Server. The token identity must be in the configured user registry so that the Application Server can use the token identity in Java 2 Platform, Enterprise Edition (J2EE) authorization checks.
Complete the following steps to specify the caller part when you configure the consumer security constraints for either the response consumer or the request consumer. The response consumer is configured for the client and the request consumer is configured for the server. In the following steps, you must configure either the client-side extensions in step 2 or the server-side extensions in step 3.
Steps for this task
If a standalone security token is used for authentication, then the Uniform Resource Identifier (URI) and local name attributes must define the type of security token that is used for authentication. You can select standard or custom security tokens by URI and local name.
URI | Local name | Description |
---|---|---|
A namespace URI is not applicable. | Specify http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 as the local name value. | Specifies the name of an X.509 certificate token |
A namespace URI is not applicable. | Specify http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1 as the local name value. | Specifies the name of the X.509 certificates in a PKI path |
A namespace URI is not applicable. | Specify http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#PKCS7 as the local name value. | Specifies a list of X.509 certificates and certificate revocation lists (CRL) in a PKCS#7 |
Specify http://www.ibm.com/websphere/appserver/tokentype/5.0.2 as the URI value. | Specify LTPA as the local name value. | Specifies a binary security token that contains an embedded Lightweight Third Party Authentication (LTPA) token. |
A client sends a username token to the server. The custom token consumer on the server uses the security token service to authenticate the user name information. The username token is used to create a new token type such as a Security Assertion Markup Language (SAML) token. You can use the identity from the SAML token for authentication and authorization verification in WebSphere Application Server.
The custom token requires that you specify both the URI and the Local name.
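The following added example (not IBM code and not part of the original page) shows how the URI and local name pairs in the table can be checked against the binary security tokens that a SOAP message carries, which helps when verifying that a sender's token type matches the configured caller. It assumes that an LTPA token states its type as a namespace-qualified name in the `ValueType` attribute and that the X.509 types are stated as absolute URIs; the `wsst` prefix, the function names, and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from io import BytesIO

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
LTPA_URI = "http://www.ibm.com/websphere/appserver/tokentype/5.0.2"

# (URI, local name) pairs from the table above; None = no namespace URI applies.
CALLER_TOKEN_TYPES = {
    (None, X509 + "#X509v3"): "X.509 certificate token",
    (None, X509 + "#X509PKIPathv1"): "X.509 certificates in a PKI path",
    (None, X509 + "#PKCS7"): "X.509 certificates and CRLs in PKCS#7",
    (LTPA_URI, "LTPA"): "LTPA binary security token",
}

def split_value_type(value_type, ns_scope):
    """Split a ValueType into (uri, local_name, description or None)."""
    prefix, sep, local = value_type.partition(":")
    if sep and prefix in ns_scope and not local.startswith("//"):
        key = (ns_scope[prefix], local)   # QName form, e.g. wsst:LTPA
    else:
        key = (None, value_type)          # absolute URI is the whole local name
    return key + (CALLER_TOKEN_TYPES.get(key),)

def binary_token_types(soap_xml):
    """List the token type of every wsse:BinarySecurityToken in a message."""
    scopes, pending, found = [], {}, []
    events = ("start-ns", "start", "end")
    for event, item in ET.iterparse(BytesIO(soap_xml), events=events):
        if event == "start-ns":           # declarations precede their element
            pending[item[0]] = item[1]
        elif event == "start":
            scopes.append({**(scopes[-1] if scopes else {}), **pending})
            pending = {}
            if item.tag == "{%s}BinarySecurityToken" % WSSE:
                found.append(split_value_type(item.get("ValueType", ""), scopes[-1]))
        else:
            scopes.pop()
    return found

# Constructed sample message; token bodies are placeholders, not real tokens.
SAMPLE = ("""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header><wsse:Security xmlns:wsse="%s">
<wsse:BinarySecurityToken xmlns:wsst="%s" ValueType="wsst:LTPA">PLACEHOLDER</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken ValueType="%s#X509v3">PLACEHOLDER</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken ValueType="urn:example:unlisted">PLACEHOLDER</wsse:BinarySecurityToken>
</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>"""
          % (WSSE, LTPA_URI, X509)).encode()
```

A token whose description comes back as `None` does not match any row of the table, so it would have to be configured as a custom token with both the URI and the local name specified.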
Related tasks
Signing message elements in consumer security constraints with keywords
Signing message elements in consumer security constraints with an XPath expression
Encrypting message elements in consumer security constraints with keywords
Encrypting message elements in consumer security constraints with an XPath expression
Configuring identity assertion