
Manage existing token providers with scripting


Use the wsadmin tool, which supports the Jython and Jacl scripting languages, to manage the trust service. Use this topic to modify token provider configuration data, and to add custom properties. You must have an existing token provider configured in the trust service.

Use the commands in the STSManagement group of AdminTask to modify existing configuration data. This page includes examples for modifying existing non-custom configuration data.

  Modify existing configuration data.

Use the updateSTSTokenTypeConfiguration command to update existing properties for a specific token provider configuration. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens.

  1. Determine the token provider configuration to edit.

    Enter the following command to view the list of names of the configured token providers:

    AdminTask.listSTSConfiguredTokenTypes()

  2. Review the current configuration data for the token provider configuration to edit. Enter the following command to view a Properties object containing all non-custom configuration data for the Security Context Token token provider:

    AdminTask.querySTSTokenTypeConfigurationDefaultProperties('Security Context Token')

  3. Update the token provider configuration with new configuration data. Determine which parameters to update in the configuration, using the following table as a reference:


    Table 1. Command parameters

    Parameter: LocalName
    Description: Unique token provider name as the target object of the command.
    Data type: String, required

    Parameter: -HandlerFactory
    Description: Configuration class name, including package information.
    Data type: String, required

    Parameter: -URI
    Description: Unique token type schema URI.
    Data type: String, required

    Parameter: -lifetimeMinutes
    Description: Amount of time, in minutes, that the token is valid.
    Data type: Integer, optional
    Default: 120 (minutes)
    Minimum: 10 (minutes)

    Parameter: -renewalWindowMinutes
    Description: Specifies the amount of time after the token expires during which the token can be renewed.
    Data type: Integer, optional
    Default: 120 (minutes)
    Minimum: 10 (minutes)

    Parameter: -postdatable
    Description: Set to true to specify that tokens of the token provider are valid at a later time. Tokens can be created with or without a future start time.
    Data type: Boolean, optional
    Default: false

    Parameter: -distributedCache (deprecated)
    Description: Set to true to enable distributed cache. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens.
    Data type: Boolean, optional
    Default: false

    Parameter: -renewableAfterExpiration
    Description: Set to true to specify that tokens of the token provider are renewable after expiration.
    Data type: Boolean, optional
    Default: false

    Parameter: -tokenCacheFactory (deprecated)
    Description: Specifies the fully qualified class name for the token provider. The secure conversation token handler class does not recognize this parameter.
    Data type: String, optional
    Default: com.ibm.ws.wssecurity.platform.websphere.trust.server.sts.ext.cache.STSTokenCacheFactoryImpl

    Use the updateSTSTokenTypeConfiguration command to update the configuration data for the Security Context Token token provider.

    The following example changes the time that the token is valid from 60 minutes to 100 minutes, disables token renewal after expiration, and enables distributed caching:

    AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-lifetimeMinutes 100 -renewableAfterExpiration false -distributedCache true]')

    The command returns a message indicating the success or failure of the operation.

  4. Save the configuration changes. Use the following command to save the changes:

    AdminConfig.save()
    

  5. Reload the modified configuration changes. Use the following command to force the trust service to reload the modified configuration without restarting the application server:

    AdminTask.refreshSTS()
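
The following Jython sketch is an added example, not code from the product documentation. It checks option values against the limits in Table 1 before running steps 2 through 5, so that an out-of-range token lifetime or a -distributedCache setting on a custom token is rejected before the configuration is touched. The helper names build_update_args and apply_update are hypothetical, the helper covers only the integer and Boolean options, and it assumes that any provider other than Security Context Token is a custom token.

```python
# Added example, not IBM code: validate options against Table 1, then run steps 2-5.
SCT = 'Security Context Token'
MIN_MINUTES = 10  # Table 1 minimum for both minute-valued options
INT_OPTS = ('lifetimeMinutes', 'renewalWindowMinutes')
BOOL_OPTS = ('postdatable', 'renewableAfterExpiration', 'distributedCache')

def build_update_args(local_name, **opts):
    """Return the bracketed option string for updateSTSTokenTypeConfiguration."""
    parts = []
    for name in sorted(opts):
        value = opts[name]
        if name in INT_OPTS:
            if isinstance(value, bool) or int(value) < MIN_MINUTES:
                raise ValueError('-%s must be an integer >= %d' % (name, MIN_MINUTES))
            parts.append('-%s %d' % (name, int(value)))
        elif name in BOOL_OPTS:
            if not isinstance(value, bool):
                raise ValueError('-%s must be True or False' % name)
            # Assumption: any provider other than the SCT provider is a custom token.
            if name == 'distributedCache' and local_name != SCT:
                raise ValueError('-distributedCache must not be set for custom tokens')
            parts.append('-%s %s' % (name, str(value).lower()))
        else:
            raise ValueError('option not handled by this helper: -%s' % name)
    if not parts:
        raise ValueError('nothing to update')
    return '[' + ' '.join(parts) + ']'

def apply_update(admin_task, admin_config, local_name, **opts):
    """Validate first, then query, update, save and refresh (steps 2 to 5)."""
    args = build_update_args(local_name, **opts)  # raises before any change is made
    before = admin_task.querySTSTokenTypeConfigurationDefaultProperties(local_name)
    result = admin_task.updateSTSTokenTypeConfiguration(local_name, args)
    admin_config.save()
    admin_task.refreshSTS()
    return before, result  # keep 'before' for the change record; check 'result'

# Inside wsadmin (-lang jython), where AdminTask and AdminConfig are predefined:
# apply_update(AdminTask, AdminConfig, SCT, lifetimeMinutes=100,
#              renewableAfterExpiration=False, distributedCache=True)
```

The returned pair holds the configuration as it was before the change and the message from the update command; review that message before relying on the new settings.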

 
