Associating token providers with endpoint services (targets) using scripting

Use the wsadmin tool, which supports the Jython and Jacl scripting languages, to manage the association of endpoints and tokens. Use this topic to query, assign, and unassign the association of a token provider with an endpoint URI.

Before we can assign and manage endpoint configurations, at least one token provider configuration and a Web service must exist.

Use the STSManagement group of commands to specify a custom service endpoint URI and to assign and unassign the association of trust service token providers with endpoint configurations. Complete the steps in this topic to query the trust service for the existing endpoint configuration, associate the default token with an endpoint, and unassociate a token from an endpoint. We can perform these steps in any order.

 

• Associate a token with a specific endpoint.

  1. View a list of all endpoint URIs that are currently associated with a token provider. Before invoking changes on the endpoint configurations, use the following listSTSAssignedEndpoints command to examine your current settings:

     AdminTask.listSTSAssignedEndpoints()

     If the endpoint of interest is currently associated with a token, do not use the assignSTSEndpointTokenType command. To update the token that is associated with the endpoint, use the updateSTSEndpointTokenType command in the next step.

  2. Associate a token with an endpoint. Use the assignSTSEndpointTokenType command to specify the token to issue for access to a specific endpoint. You do not need to specify the name of the token provider to assign if the token provider is set as the default configuration. For example, the following command assigns the Security Context Token default token to the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:

     AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')

     If Security Context Token is not the default token provider, use the following command:

     AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '-LocalName Security Context Token')

     The command returns a message indicating the success of the operation.

  3. Save the configuration changes. Use the following command to save the changes:

     AdminConfig.save()

  4. Reload the modified configuration changes. Use the following command to force the trust service to reload the modified configuration without restarting the appserver:

     AdminTask.refreshSTS()

• Disassociate a token from an endpoint.

  1. Examine the current endpoint configuration. Use the listSTSAssignedEndpoints to view a list of each endpoint URI with assigned token providers, as the following example describes:

     AdminTask.listSTSAssignedEndpoints()

     The following sample output is displayed:

     'http://www.mycompany.com:8080/Ecommerce/Catalog'

  2. Choose the endpoint to edit. Use the querySTSEndpointTokenType to return the token provider associated with the endpoint of interest. Enter the following command to view the token provider associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:

     AdminTask.querySTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')

     The following sample output is displayed:

     'Security Context Token'

  3. Disassociate the token type from the endpoint. Use the unassignSTSEndpointTokenType command to disassociate the token provider and endpoint configuration.

     The following command removes the Security Context Token token provider that is associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:

     AdminTask.unassignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '-LocalName Security Context Token')

     The command returns a message indicating the success of the operation.

  4. Save the configuration changes. Use the following command to save the changes:

     AdminConfig.save()

  5. Reload the modified configuration changes. Use the following command to force the trust service to reload the modified configuration without restarting the service:

     AdminTask.refreshSTS()

 

Related tasks

Set trust service endpoint targets
Set secure sessions between clients and services using the wsadmin tool
Querying the trust service using scripting
Manage existing token providers with scripting
Add and remove token provider custom properties using scripting

 

Related

STSManagement