Trusted ID evaluator settings
Use this information to configure trusted identity (ID) evaluators.
This admin console panel applies only to JAX-RPC applications.
To view this admin console page for trusted ID evaluators on the cell level...
Security | JAX-WS and JAX-RPC security runtime | Additional properties | Trusted ID evaluators
Click New to create a trusted ID evaluator or click the name of an existing configuration to modify its settings.
To view this admin console page for trusted ID evaluators on the server level...
Servers | Server Types | WebSphere application servers | server_name | Security | JAX-WS and JAX-RPC security runtime | Additional properties | Trusted ID evaluators
Click New to create a trusted ID evaluator or click the name of an existing configuration to modify the settings.
In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for WS-Security.
To view this admin console page for trusted ID evaluators on the application level...
Applications | Application Types | WebSphere enterprise apps | application_name | Modules | Manage modules | URI_name | WS-Security Properties | Web services: Server security bindings | Request receiver binding | Edit | Trusted ID evaluators
Click New to create a trusted ID evaluator or click Delete to delete a trusted ID evaluator.
Trusted ID evaluators are only required for the request receiver (Version 5.x applications) and the request consumer (Version 6.x applications), if identity assertion is configured.
We can specify one of the following options:
- None: Choose this option if we are not specifying a trusted ID evaluator.
- Existing evaluator definition: Choose this option to specify a currently defined trusted ID evaluator.
- Binding evaluator definition: Choose this option to specify a new trusted ID evaluator. A description of the required fields follows.
Trusted ID evaluator name
Name used by the application binding to refer to a trusted identity (ID) evaluator that is defined in the default binding.
Trusted ID evaluator class name
Class name of the trusted ID evaluator.
The specified trusted ID evaluator class name must implement the interface...
com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator
The default TrustedIDEvaluator class is...
com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl
When you use this default TrustedIDEvaluator class, specify the name and the value properties for the default trusted ID evaluator to create the trusted ID list for evaluation.
To specify the name and value properties...
- Under Additional properties, click Properties > New.
- Specify the trusted ID evaluator name as the property name, in the form trustedId_n, where _n is an integer from zero (0) to n.
- Specify the trusted ID as a property value.
For example:
property name="trustedId_0", value="CN=Bob,O=ACME,C=US"
property name="trustedId_1", value="user1"
If a distinguished name (DN) is used, the space is removed for comparison.
Default: com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl
See the model information in the documentation for an explanation of how to implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface.
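A small model of the trusted ID list described above, added here as an example and not the product's own code: it collects trustedId_n properties, applies the space-removal rule for DNs, and reports property names and duplicate entries worth reviewing before relying on identity assertion. Treating every value that contains "=" as a DN, the exact case-sensitive match, and the sample values are assumptions of this example.

```python
import re

# Property-name form given on this page: trustedId_n, n an integer from 0 upward.
TRUSTED_ID_NAME = re.compile(r"^trustedId_(\d+)$")

def normalize(identity):
    """Model of the page's rule that spaces are removed when a DN is compared.
    Assumption: a value containing '=' is treated as a DN and loses all spaces."""
    identity = identity.strip()
    return identity.replace(" ", "") if "=" in identity else identity

def build_trusted_list(properties):
    """Return (trusted, unrecognized): normalized IDs in index order, plus
    property names that do not follow the trustedId_n form."""
    indexed, unrecognized = [], []
    for name, value in properties.items():
        match = TRUSTED_ID_NAME.match(name)
        if match and value.strip():
            indexed.append((int(match.group(1)), normalize(value)))
        else:
            unrecognized.append(name)
    return [value for _, value in sorted(indexed)], sorted(unrecognized)

def duplicate_entries(trusted):
    """Entries that collapse to the same identity after normalization."""
    seen, dupes = set(), []
    for entry in trusted:
        if entry in seen and entry not in dupes:
            dupes.append(entry)
        seen.add(entry)
    return dupes

def is_trusted(identity, trusted):
    """Exact, case-sensitive match against the list (an assumption of this model)."""
    return normalize(identity) in trusted

# Constructed sample: the page's two entries plus a misspelled property name
# and a DN that differs from trustedId_0 only by spaces.
SAMPLE = {
    "trustedId_0": "CN=Bob,O=ACME,C=US",
    "trustedId_1": "user1",
    "trustedID_2": "admin",
    "trustedId_3": "CN=Bob, O=ACME, C=US",
}

if __name__ == "__main__":
    trusted, unrecognized = build_trusted_list(SAMPLE)
    print("trusted list:", trusted)
    print("names to review:", unrecognized)
    print("duplicates:", duplicate_entries(trusted))
```

Names reported for review are only those that do not match the trustedId_n form; how the product handles such names is not stated on this page.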