
Token type settings


Use the admin console to define the details of each token type. The panel shows different fields depending on the token type. Policies can specify which types of security tokens are supported, as well as properties for each token type.

To view token types for a policy set...

  1. Click Services > Policy sets > Application policy sets > policy_set_name.

  2. Click the WS-Security policy in the Policies table.

  3. Click the Main policy link or the Bootstrap policy link.

  4. Click one of the following:

    • Request token policies from the Policy detail section.

    • Response token policies from the Policy detail section.

    • Symmetric signature and encryption policies from the Key symmetry section.

    • Asymmetric signature and encryption policies from the Key symmetry section.

  5. For a Request token policy or a Response token policy, click a token from the Supported Token Types table or click the Add Token Type button to select the type of token to add.

  6. For a symmetric signature and encryption policy or an asymmetric signature and encryption policy, click Edit Selected Type Policy.

This panel is displayed for each token type that you configure or add. It displays fields for some token types and not for others. This help topic lists all of the fields for all of the token types and states which token type each field applies to.

Custom token name

For a custom token, specify the name of the token being configured. Enter or edit the name for the custom token in this entry field.

Local name

For a custom token, specify the local name.

If the custom token type is used to generate a Kerberos token as defined in the OASIS WS-Security Specification for Kerberos Token Profile v1.1, use one of the values in the following table for the local name. The value you choose depends on the specification level of the Kerberos token generated by the Key Distribution Center (KDC). The table lists the values and the spec level associated with each value. For purposes of interoperability, the Basic Security Profile V1.1 standard requires the use of the local name, http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ.

Local name value for Kerberos token
    Associated specification level

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ
    Kerberos V5 AP-REQ as defined in the Kerberos specification. This value is used when the Kerberos ticket is an AP Request.

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
    GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message as defined in RFC-1964 [1964], Sec. 1.1 and its successor RFC-4121, Sec. 4.1. This value is used when the Kerberos ticket is an AP Request (ST + Authenticator).

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ1510
    Kerberos V5 AP-REQ as defined in RFC1510. This value is used when the Kerberos ticket is an AP Request per RFC1510.

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
    GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message as defined in RFC-1964, Sec. 1.1 and its successor RFC-4121, Sec. 4.1. This value is used when the Kerberos ticket is an AP Request (ST + Authenticator) per RFC1510.

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ4120
    Kerberos V5 AP-REQ as defined in RFC4120. This value is used when the Kerberos ticket is an AP Request per RFC4120.

http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ4120
    GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message as defined in RFC-1964, Sec. 1.1 and its successor RFC-4121, Sec. 4.1. This value is used when the Kerberos ticket is an AP Request (ST + Authenticator) per RFC4120.

URI

For a custom token, specify the uniform resource identifier (URI).

Leave this field empty if the custom token type is used to generate a Kerberos token as defined in the OASIS WS-Security Specification for Kerberos Token Profile v1.1.
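The Local name and URI rules above can be checked before a policy set is deployed. The following Python sketch is an added example, not part of the product or its documentation; the function name check_custom_token, the finding strings and the sample values are assumptions made for illustration.

```python
import re

# Namespace shared by the six local name values listed on this page.
KERBEROS_NS = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1"
# Local name that Basic Security Profile V1.1 requires for interoperability.
BSP_REQUIRED = KERBEROS_NS + "#GSS_Kerberosv5_AP_REQ"
# Fragment grammar covering the six values: optional GSS_ prefix,
# fixed Kerberosv5_AP_REQ stem, optional RFC suffix.
_FRAGMENT = re.compile(r"^(GSS_)?Kerberosv5_AP_REQ(1510|4120)?$")


def check_custom_token(local_name, uri):
    """Return (description, findings) for a custom token's Local name and URI.

    description is None when local_name is not one of the six Kerberos values.
    """
    findings = []
    if re.search(r"\s", local_name):
        findings.append("local name contains whitespace")
    base, _, fragment = local_name.strip().partition("#")
    match = _FRAGMENT.match(fragment)
    if base != KERBEROS_NS or not match:
        if "kerberos" in local_name.lower():
            findings.append("resembles a Kerberos local name but is not a listed value")
        return None, findings
    kind = "GSS-API Kerberos V5 mechanism token" if match.group(1) else "Kerberos V5 AP-REQ"
    level = "RFC" + match.group(2) if match.group(2) else "Kerberos specification"
    if uri:
        findings.append("URI must be left empty for a Kerberos token")
    if local_name != BSP_REQUIRED:
        findings.append("not the local name Basic Security Profile V1.1 requires")
    return f"{kind}, {level}", findings


# Constructed sample settings (not taken from a real configuration).
SAMPLES = [
    (BSP_REQUIRED, ""),
    (KERBEROS_NS + "#Kerberosv5_AP_REQ4120", "http://example.test/token"),
    ("http://docs.oasis-open.org/wss/oasiswss- kerberos-token-profile-1.1#Kerb erosv5_AP_REQ", ""),
]

if __name__ == "__main__":
    for name, uri in SAMPLES:
        print(check_custom_token(name, uri))
```

The third sample is a mistyped value of the kind that appears when the local name is copied from a wrapped page; it is reported rather than silently treated as a non-Kerberos custom token.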

LTPA token name

For an LTPA token, specify the name of the token being configured. Enter or edit the name for the LTPA token in this entry field.

Propagate the JAAS subject

For an LTPA token, specify whether the associated Java Authentication and Authorization Service (JAAS) subject is propagated. Select this check box to propagate the JAAS subject. The check box is not selected by default, so the JAAS subject is not propagated unless you select it.

Username token name

Specify the name of the token being configured. Enter or edit the name for the username token in this entry field.

WS-Security version

For a Username token, specify the version of the WS-Security (Web services security) specification used to secure the message transmission.

The following versions are available:

  • WS-Security V1.0

  • WS-Security V1.1

X.509 token name

For an X.509 token, specify the name of the token being configured. Enter or edit the name for the X.509 token in this entry field.

WS-Security version

For an X.509 token, specify the version of Web services security used to secure the message transmission.

The following versions are available:

  • WS-Security V1.0

  • WS-Security V1.1

X.509 type

For an X.509 token, specify the type of X.509 token being configured.

The following types are available for the X.509 token:

  • X.509 V1. This option is available with WS-Security V1.1 only.

  • X.509 V3

  • X.509 PKCS7

  • PKI Path V1

Secure conversation token

The secure conversation token is available only when using symmetric signature and encryption policies.

Require reference to secure context token issuer

For a secure conversation token, select this option to specify a reference to the issuer of the security context token.

After selecting the Require reference to secure context token issuer option, specify the URI of the security context token issuer.





 
