Modify the security context token provider configuration for the trust service using the admin console


WAS provides a pre-configured token, the Security Context Token (SCT).

Use the admin console to modify the configuration of the security context token provider.

WAS provides a trust service. The trust service provides both a security token service and additional WAS trust-related functionality. To configure the trust service, in addition to managing the security context token provider, first complete the following tasks:

The order in which you complete these tasks is not important.

This task describes how to configure the security context token provider and how to define the token provider properties.

 

  1. To configure the security context token provider, click Services > Trust services > Token providers.

  2. To change the configuration of the security context token provider, click the link for the token provider name (Security Context Token).

    For an existing token, the token name, class name and URI are displayed, but are not editable.

  3. In the Time in cache after expiration field, change the amount of time, in minutes, that an expired token is kept in the cache and can still be renewed. The default value is 120 minutes, and we cannot type a value that is less than 10 minutes.

  4. In the Token timeout field, change the amount of time, in minutes, that the issued token is valid. The default value is 120 minutes, and we cannot type a value that is less than 10 minutes.

  5. Select the Allow renewal after timeout check box to enable the renewal of a token after the token timeout has expired.

    If selected, the amount of time, within which an expired token can still be renewed, is specified in the Time in cache after expiration field.

  6. Select the Allow postdated tokens check box to enable postdated tokens. This setting specifies whether a client can request a token that becomes valid at a later time.

  7. Select the Support Secure Conversation Token v200502 check box to enable use of the older draft submission specification level of the security context token. The correct URI for this level of the token type schema appears in the field under the check box: http://schemas.xmlsoap.org/ws/2005/02/sc/sct.

  8. Click New to define a new custom property.

    Specify additional configuration using the Custom Properties setting. Custom properties are used to set internal system configuration properties.

    Custom properties are arbitrary name-value pairs of data, where the name might be a property key or a class implementation, and where the value might be a string or Boolean value.

    1. If defining a new custom property, type a name. For example, for a custom property, type: com.ibm.wsspi.wssecurity.trust.keySize

    2. If defining a new custom property, type a value. For example, the following value: 128

    3. Repeat the name and value steps for each new custom property.

  9. Click OK. We are returned to the Token provider panel.

  10. Save the changes before applying the changes to the Web services security runtime configuration.

  11. On the Token provider panel, click Update Runtime to update the WS-Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window is displayed depends on whether you select the Show confirmation for update runtime command check box. Expand Preferences to view the check box.

  12. Confirm or click Cancel when the confirmation window appears. If we deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.
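
The following sketch is an added example, not IBM or WAS code. It models how the values from steps 3 to 6 combine, so that the full period during which an issued token stays valid or renewable can be reviewed before clicking Update Runtime. The class and function names are hypothetical, and the model assumes the timeout is counted from the start of the token's validity.

```python
from datetime import datetime, timedelta

MIN_MINUTES = 10        # console minimum stated in steps 3 and 4
DEFAULT_MINUTES = 120   # console default stated in steps 3 and 4


class SctProviderSettings:
    """Hypothetical holder for the console fields in steps 3 to 6."""

    def __init__(self, token_timeout=DEFAULT_MINUTES,
                 cache_after_expiration=DEFAULT_MINUTES,
                 allow_renewal_after_timeout=False,
                 allow_postdated=False):
        fields = (("Token timeout", token_timeout),
                  ("Time in cache after expiration", cache_after_expiration))
        for label, minutes in fields:
            if minutes < MIN_MINUTES:
                raise ValueError("%s must be at least %d minutes"
                                 % (label, MIN_MINUTES))
        self.token_timeout = timedelta(minutes=token_timeout)
        self.cache_after_expiration = timedelta(minutes=cache_after_expiration)
        self.allow_renewal_after_timeout = allow_renewal_after_timeout
        self.allow_postdated = allow_postdated


def token_state(settings, requested_at, now, valid_from=None):
    """Classify a token at time `now` under the modeled settings."""
    start = valid_from or requested_at
    if start > requested_at and not settings.allow_postdated:
        return "rejected"  # postdated request while the option is cleared
    if now < start:
        return "not-yet-valid"
    expires = start + settings.token_timeout
    if now < expires:
        return "valid"
    if now < expires + settings.cache_after_expiration:
        # Still cached; renewable only when the check box is selected.
        if settings.allow_renewal_after_timeout:
            return "expired-renewable"
        return "expired-cached"
    return "removed-from-cache"


def renewal_deadline(settings, requested_at, valid_from=None):
    """Latest instant at which the token can still be renewed."""
    expires = (valid_from or requested_at) + settings.token_timeout
    if settings.allow_renewal_after_timeout:
        return expires + settings.cache_after_expiration
    return expires
```

With the defaults and Allow renewal after timeout selected, a token can be renewed for up to 240 minutes after it becomes valid, which is the figure to compare against the session lifetime the deployment intends to allow.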

 

Results

We have completed the required steps to modify the configuration of the security context token provider and to update the WS-Security runtime configuration. We can also modify the configuration of the security context token provider for the trust service using wsadmin. The wsadmin tool examples are written in Jython.

 

Next steps

If we have not done so already, also configure targets or configure attachments to complete the trust service configuration.


Trust service token custom properties

 

Related concepts


Web Services Trust standard

 

Related tasks


Disable the submission draft level for the security context token provider

Set the security context token provider for the trust service

 

Related


Trust service token provider settings
Trust service token providers collection
Token type settings