Create a service endpoint attachment using the admin console
We can attach the trust service operations for a new service endpoint URL to system policy sets and bindings. The operations for each new endpoint are attached to the Trust Service Default policy sets and bindings. Each new endpoint initially has the following four operations: issue, renew, cancel, and validate.
First define the policy sets and their bindings. Policy sets describe the protection or quality of service that is provided (such as message security, transport, and so forth). Bindings specify details about how to implement the policy set, such as the path for the keystore file, the class name of the token generator, or the JAAS configuration name.
Only use system policy sets with the trust service. The requestor (client) must utilize only JAX-WS. Requestors that use Java API for XML-based remote procedure calls (JAX-RPC) are incompatible with the policy set QOS.
Attaching the trust service operations for a new endpoint to existing policy sets and bindings requires two steps. After initially attaching the endpoint, the following four operations are configured: issue, renew, cancel, and validate. These four operations are explicitly attached to Trust Service Defaults. We can then modify these attachments to use existing policy sets and bindings.
This task describes how to create or manage service endpoint URLs that you want to attach to the policy set and binding. To complete the configuration for the WAS trust service, also create or manage targets.
If no explicit bindings are attached, WAS uses the cell-level default binding, referred to as Default.
- To view existing trust service attachments, click Services > Trust service > Trust service attachments. Until you create the first attachment, only the default attachments for each operation are displayed.
- To create an attachment, click New Attachment.
- Enter the service endpoint URL in a valid format. Note that the URL in the trust service attachment must match the URL to which the trust service request is sent, including the case. When the two do not match, the policy set that is defined in the attachment is not applied. Instead, IBM WAS uses the policy set that is attached to the default for the trust operation.
For example, where demo is the endpoint, we might enter: http://localhost:9082/wssamplebeta/demo
- Click Attach to attach the URL and to return to the Trust service attachments panel. After you click Attach, the Trust service attachments panel displays the new service endpoint URL and the initial four operations. The service endpoint URL specified is listed in the Trust service attachments collection. These four token operations (cancel, renew, validate and issue) for the specified endpoint are initially attached to Trust Service Defaults.
- On the Trust service attachments panel, change the policy set or binding attachment, as needed. We can return any operation to its initial state by inheriting Trust Service Defaults.
Changing the policy set forces the binding to change to Default.
- Save the changes before applying the changes to the Web services security runtime configuration.
- Click Update Runtime to update the WS-Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window appears depends on whether you selected the Show confirmation for update runtime command check box. Expand Preferences to view the check box.
- Confirm or cancel if the confirmation window appears. If we deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.
We have provided the basic information to create a trust service attachment and to configure a policy set, a binding, and the operation information.
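Because a URL mismatch falls back to the default policy set without any error, it is worth checking the URLs that requestors actually send against the attachment URLs before relying on a non-default policy set. The following Python check is an added example, not IBM code: it models the match as an exact, case-sensitive string comparison (an assumption drawn from the note in the URL step), and the policy set name ExamplePolicySet and the sample URLs other than the one shown above are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: attachment URL as entered in the console, mapped to
# the policy set chosen for an operation (ExamplePolicySet is hypothetical).
ATTACHMENTS = {
    "http://localhost:9082/wssamplebeta/demo": "ExamplePolicySet",
}
DEFAULT_POLICY_SET = "Trust Service Defaults"


def _normalize(url):
    """Canonical form used only to detect near-misses, never to match."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or {"http": 80, "https": 443}.get(scheme)
    path = parts.path.rstrip("/").lower()
    return (scheme, (parts.hostname or "").lower(), port, path)


def resolve_policy_set(request_url, attachments=ATTACHMENTS):
    """Return (policy_set, warning) for a request URL.

    Assumed model: only an exact, case-sensitive match applies the
    attachment; anything else gets the default policy set.
    """
    if request_url in attachments:
        return attachments[request_url], None
    for configured in attachments:
        if _normalize(configured) == _normalize(request_url):
            return DEFAULT_POLICY_SET, (
                "near-miss of %r (case, trailing slash or default port); "
                "attachment not applied" % configured)
    return DEFAULT_POLICY_SET, None


def audit(request_urls, attachments=ATTACHMENTS):
    """List request URLs that look attached but fall back to the defaults."""
    findings = []
    for url in request_urls:
        policy, warning = resolve_policy_set(url, attachments)
        if warning:
            findings.append((url, policy, warning))
    return findings


if __name__ == "__main__":
    for finding in audit(["http://localhost:9082/wssamplebeta/Demo"]):
        print(finding)
```

Run it against the endpoint URLs configured in each requestor; any finding means that requestor is being handled under the default policy set rather than the one chosen for the attachment.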
Next steps
We can also create a new attachment for the trust service using wsadmin. The wsadmin tool examples are written in Jython.
Next, configure the security context token provider or configure targets to complete the trust service configuration.
Related tasks
Create policy set attachments using wsadmin
Set attachments for the trust service
Trust service attachments collection
Trust service attachments settings