Add and remove token provider custom properties using scripting

Use the wsadmin tool, which supports the Jython and Jacl scripting languages, to administer the trust service. Use this topic to set internal system configuration properties for the token provider configuration by adding or removing custom properties. You must have an existing token provider configured for the trust service.

Use custom properties to set internal system configuration properties and specify these properties using the customProperties parameter. Custom properties are arbitrary name and value pairs of data, where the name can be a property key or a class implementation, and where the value might be a string or Boolean value. Use this topic and the commands in the STSManagement group for AdminTask to add or remove custom properties from the configuration with Jython.

 

• Add new custom properties to a specific token provider configuration.

  Use the updateSTSTokenTypeConfiguration command to add or update custom properties to the token provider configuration. Do not use the updateSTSTokenTypeConfiguration command to remove custom properties. If specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens.

  1. Launch the wsadmin scripting tool using Jython.

  2. Determine the token provider configuration to edit. Enter the following command to view a list of the names for each configured token provider:

     AdminTask.listSTSConfiguredTokenTypes()

  3. Review the configured custom properties for the token provider of interest. Enter the following command to view a properties object containing custom configuration data for the Security Context Token token provider:

     AdminTask.querySTSTokenTypeConfigurationCustomProperties('Security Context Token')

  4. Add custom properties to the token provider configuration.

     Use the updateSTSTokenTypeConfiguration command to add the configuration data for the Security Context Token token provider. Use the following example to add the com.ibm.ws.security.webChallengeIfCustomSubjectNotFound custom property with a value of false and the com.ibm.ws.security.defaultLoginConfig custom property with a value of system.DEFAULT to the configuration:

     AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-customProperties [[com.ibm.ws.security.webChallengeIfCustomSubjectNotFound false] [com.ibm.ws.security.defaultLoginConfig system.DEFAULT]] ]')

     The command returns a message indicating the success or failure of the operation.

  5. Save the configuration changes. Use the following command to save the changes:

     AdminConfig.save()

  6. Reload the modified configuration changes. Use the following command to force the trust service to reload the modified configuration without restarting the appserver.

     AdminTask.refreshSTS()

• Edit custom properties for a specific token provider configuration.

  1. View configured custom properties for the token provider of interest. Enter the following command to view a properties object containing custom configuration data for the Security Context Token token provider:

     AdminTask.querySTSTokenTypeConfigurationCustomProperties('Security Context Token')

  2. Modify the configuration data for the token provider of interest.

     Use the updateSTSTokenTypeConfiguration command to modify the existing configuration data for the Security Context Token token provider. This example specifies that the Security Context Token token provider configuration includes the com.ibm.ws.security.webChallengeIfCustomSubjectNotFound custom property with a value of false and the com.ibm.ws.security.defaultLoginConfig custom property with a value of system.DEFAULT. Use the following command to change the value of the com.ibm.ws.security.defaultLoginConfig custom property from system.DEFAULT to system.CUSTOM, and does not change any other configured custom properties:

     AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-customProperties [[com.ibm.ws.security.defaultLoginConfig system.CUSTOM]]]')

     The command returns a message indicating the success or failure of the operation.

  3. Save the configuration changes. Use the following command to save the changes:

     AdminConfig.save()

  4. Reload the modified configuration changes. Use the following command to force the trust service to reload the modified configuration without restarting the appserver:

     AdminTask.refreshSTS()

• Remove custom properties from token provider configurations.

  1. View configured custom properties for the token provider of interest. Enter the following command to view a properties object containing custom configuration data for the Security Context Token token provider:

     AdminTask.querySTSTokenTypeConfigurationCustomProperties('Security Context Token')

  2. Delete the custom property from the token provider configuration.

     Use the deleteSTSTokenTypeConfigurationCustomProperties command to delete custom properties from the configuration. Specify the names of the custom properties to remove using the propertyNames parameter. If the specified name does not exist in the configuration, no configuration changes are made.

     The following command removes the com.ibm.ws.security.webChallengeIfCustomSubjectNotFound and com.ibm.ws.security.defaultLoginConfig custom properties from the Security Context Token token provider configuration:

     AdminTask.deleteSTSTokenTypeConfigurationCustomProperties('Security Context Token', '[-propertyNames com.ibm.ws.security.webChallengeIfCustomSubjectNotFound com.ibm.ws.security.defaultLoginConfig]')

     The command returns a message indicating the success or failure of the operation.

  3. Save the configuration changes. Use the following command to save the changes:

     AdminConfig.save()

  4. Reload the modified configuration changes. Use the following command to force the trust service to reload the modified configuration without restarting the service:

     AdminTask.refreshSTS()

 

Related tasks

Set secure sessions between clients and services using the wsadmin tool
Querying the trust service using scripting
Manage existing token providers with scripting
Associating token providers with endpoint services (targets) using scripting

 

Related

Trust service token custom properties
Trust service token provider settings
STSManagement