Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)
STSManagement command group
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the STSManagement group can be used to manage and query trust service token provider configurations and endpoint configurations.
The STSManagement command group contains commands that allow you to configure existing token providers, assign token providers to endpoints, and modify general trust service configuration data. The commands in this group that perform configuration changes require that you execute the save command to commit the changes. No configuration changes are made if a command raises an exception.
Use the following commands to modify and query token provider configurations:
- createSTSTokenTypeConfiguration
- deleteSTSTokenTypeConfigurationCustomProperties
- listSTSConfiguredTokenTypes
- querySTSDefaultTokenType
- querySTSTokenTypeConfigurationDefaultProperties
- querySTSTokenTypeConfigurationCustomProperties
- setSTSDefaultTokenType
- updateSTSTokenTypeConfiguration
- removeSTSTokenTypeConfiguration
Use the following commands to assign, unassign, and query endpoint configurations:
- assignSTSEndpointTokenType
- listSTSAssignedEndpoints
- listSTSEndpointTokenTypes
- unassignSTSEndpointTokenType
- updateSTSEndpointTokenType
Use the following commands to add, edit, delete, and list properties of the trust service:
- addSTSProperty
- deleteSTSProperty
- editSTSProperty
- listSTSProperties
Use the following command to force the trust service to reload your modified configuration without restarting the application server:
- refreshSTS
createSTSTokenTypeConfiguration
The createSTSTokenTypeConfiguration command is used to create a token provider configuration.
Target object
Specify the LocalName object, which is used as an identifier for the various configurations. The value for the LocalName object must be unique.
Required parameters
-URI
The URI of the token provider. This value must be unique across all configuration token type URIs. (String, required)
-HandlerFactory
Provide the fully qualified class name of an implementation of the org.eclipse.higgins.sts.IObjectFactory interface. (String, required)
Optional parameters
-lifetimeMinutes
The maximum lifetime to assign to a token issued by this token provider. The default value is 120 minutes. (Integer, optional)
-distributedCache
Whether to enable or disable distributed cache. Specify true to enable distributed cache capability. The default value is false. If you specify this option, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for this parameter for custom tokens. (Boolean, optional)
-tokenCacheFactory
Fully qualified class name for the token provider. The secure conversation token handler class does not recognize this parameter. (String, optional).
Return value
The command returns a success or failure message.
Batch mode example usage
- Jython string:
AdminTask.createSTSTokenTypeConfiguration('myTokenType', '[-HandlerFactory test.ibm.samples.myTokenType -URI http://ibm.com/tokens/schema/myTokenType]')
- Use Jython list:
AdminTask.createSTSTokenTypeConfiguration('myTokenType', ['-HandlerFactory', 'test.ibm.samples.myTokenType', '-URI', 'http://ibm.com/tokens/schema/myTokenType'])
Interactive example...
### Jython
AdminTask.createSTSTokenTypeConfiguration('-interactive')
deleteSTSTokenTypeConfigurationCustomProperties
The deleteSTSTokenTypeConfigurationCustomProperties command is used to remove custom properties from a token provider configuration.
Target object
Specify the LocalName object of the token provider of interest.
Required parameters
None
Optional parameters
-propertyNames
Specify the names of the custom properties to delete from the configuration. If any of the specified properties do not exist in the configuration, you will receive an error message. (String[], optional)
Return value
The command returns a success or failure message.
Batch mode example usage
- Jython string:
AdminTask.deleteSTSTokenTypeConfigurationCustomProperties('myTokenType', '[-propertyNames com.ibm.ws.security.webChallengeIfCustomSubjectNotFound com.ibm.ws.security.defaultLoginConfig]')
- Use Jython list:
AdminTask.deleteSTSTokenTypeConfigurationCustomProperties('myTokenType', ['-propertyNames', 'com.ibm.ws.security.webChallengeIfCustomSubjectNotFound com.ibm.ws.security.defaultLoginConfig'])
Interactive example...
### Jython
AdminTask.deleteSTSTokenTypeConfigurationCustomProperties('-interactive')
listSTSConfiguredTokenTypes
The listSTSConfiguredTokenTypes command is used to list the local names of all configured token providers.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns the local names of all configured token providers.
Batch mode example usage
### Jython
AdminTask.listSTSConfiguredTokenTypes()
Interactive example...
### Jython
AdminTask.listSTSConfiguredTokenTypes('-interactive')
querySTSDefaultTokenType
The querySTSDefaultTokenType command is used to determine the local name of the default token provider.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns the local name of the default token provider.
Batch mode example usage
### Jython
AdminTask.querySTSDefaultTokenType()
Interactive example...
### Jython
AdminTask.querySTSDefaultTokenType('-interactive')
querySTSTokenTypeConfigurationDefaultProperties
The querySTSTokenTypeConfigurationDefaultProperties command is used to query the trust service for the non-custom properties of a token provider.
Target object
Specify the LocalName object of the token provider to query.
Required parameters
None
Optional parameters
None
Return value
The command returns a java.util.Properties instance which contains the values of the non-custom properties. Non-custom properties include URI, HandlerFactory, lifetimeMinutes, distributedCache, postdatable, renewableAfterExpiration, and renewalWindowMinutes.
Batch example...
### Jython
AdminTask.querySTSTokenTypeConfigurationDefaultProperties('TokenType2')
Interactive example...
### Jython
AdminTask.querySTSTokenTypeConfigurationDefaultProperties('-interactive')
querySTSTokenTypeConfigurationCustomProperties
The querySTSTokenTypeConfigurationCustomProperties command is used to query the trust service for the custom properties of a token provider.
Target object
Specify the LocalName object of the token provider of interest.
Required parameters
None
Optional parameters
None
Return value
The command returns a java.util.Properties instance containing the values of the custom properties.
Batch mode example usage
### Jython
AdminTask.querySTSTokenTypeConfigurationCustomProperties('TokenType2')
Interactive example...
### Jython
AdminTask.querySTSTokenTypeConfigurationCustomProperties('-interactive')
setSTSDefaultTokenType
The setSTSDefaultTokenType command is used to set the default token provider for the trust service.
Target object
Specify the LocalName object of the token provider to set as the default.
Required parameters
None
Optional parameters
None
Return value
The command returns a success or failure message.
Batch example...
### Jython
AdminTask.setSTSDefaultTokenType('TokenType2')
Interactive example...
### Jython
AdminTask.setSTSDefaultTokenType('-interactive')
updateSTSTokenTypeConfiguration
The updateSTSTokenTypeConfiguration command is used to update configuration data for a token provider. All parameters are optional. The parameters that are specified are updated in the configuration if the property already exists. If the property does not exist, it is added to the configuration.
To remove custom properties, use the deleteSTSTokenTypeConfigurationCustomProperties command.
Target object
Specify the LocalName object of the token provider of interest.
Required parameters
None
Optional parameters
-URI
The URI of the token provider. This value must be unique across all configuration token type URIs. (String, optional)
-HandlerFactory
Provide the fully qualified class name of an implementation of the org.eclipse.higgins.sts.utilities.IObjectFactory interface. (String, optional)
-lifetimeMinutes
The maximum lifetime to assign to a token issued by this token provider. The default value is 120 minutes. (Integer, optional)
-distributedCache
Whether to enable or disable distributed cache. Specify true to enable distributed cache capability. The default value is false. If you specify this option, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for this parameter for custom tokens. (Boolean, optional)
-postdatable
Set the value of this parameter to true to allow tokens of this token provider to be valid starting at a future time. The default value is false. (Boolean, optional)
-renewableAfterExpiration
Set the value of this parameter to true to allow tokens of this token provider to be renewable after expiration. The default value is false. (Boolean, optional)
-renewableWindowMinutes
Provide the number of minutes after a token has expired that a token of this token provider can be renewed. If this specified time has elapsed after expiration, then the token will no longer be available for renewal. The default value is 120 minutes. (Integer, optional)
-tokenCacheFactory
Fully qualified class name for the token provider. The secure conversation token handler class does not recognize this parameter. (String, optional).
-customProperties
Provide any additional custom properties. (java.util.Properties, optional).
Return value
The command returns a success or failure message.
Batch mode example usage
- Jython string:
AdminTask.updateSTSTokenTypeConfiguration('myTokenType', '[-lifetimeMinutes 100 -renewableAfterExpiration false -distributedCache true]')
- Use Jython list:
AdminTask.updateSTSTokenTypeConfiguration('myTokenType', ['-lifetimeMinutes', '100', '-renewableAfterExpiration', 'false', '-distributedCache', 'true'])
Interactive example...
### Jython
AdminTask.updateSTSTokenTypeConfiguration('-interactive')
removeSTSTokenTypeConfiguration
The removeSTSTokenTypeConfiguration command removes a token provider configuration.
Target object
Specify the LocalName object of the token provider of interest.
Required parameters
None
Optional parameters
None
Return value
The command returns a success or failure message.
Batch example...
### Jython
AdminTask.removeSTSTokenTypeConfiguration('myTokenType')
Interactive example...
### Jython
AdminTask.removeSTSTokenTypeConfiguration('-interactive')
assignSTSEndpointTokenType
The assignSTSEndpointTokenType command assigns the token provider to use when a specific endpoint is accessed.
Target object
Specify the endpointURI object of the endpoint to assign a given token provider. If the specified endpoint has already been assigned a token provider, you will receive an error message.
Required parameters
None
Optional parameters
-LocalName
Specify the local name of the token provider to assign to the specified endpoint. If the token provider configuration does not exist, you will receive an error message. If this parameter is not specified, the default token provider is used. (String, optional)
-issuer
Specify the URI of the issuer that specifies the token provider to issue. This value can be null. (String, optional)
Return value
The command returns a success or failure message.
Batch mode example usage
- Jython string:
AdminTask.assignSTSEndpointTokenType('www.ibm.tokenservice/Ecommerce/', '[-LocalName tokenType1]')
- Use Jython list:
AdminTask.assignSTSEndpointTokenType('www.ibm.tokenservice/Ecommerce/', ['-LocalName', 'tokenType1'])
Interactive example...
### Jython
AdminTask.assignSTSEndpointTokenType('-interactive')
listSTSAssignedEndpoints
The listSTSAssignedEndpoints command is used to list the URIs of assigned endpoints.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns the URIs of all assigned endpoints.
Batch example...
### Jython
AdminTask.listSTSAssignedEndpoints()
Interactive example...
### Jython
AdminTask.listSTSAssignedEndpoints('-interactive')
listSTSEndpointTokenTypes
The listSTSEndpointTokenTypes command is used to query the Trust Service for the token provider assigned to a specific endpoint.
Target object
Specify the endpointURI object of the endpoint to query. An exception is raised if the specified endpoint has not been assigned a token provider.
Required parameters
None
Optional parameters
None
Return value
The command returns the local name of the token provider assigned to the specified endpoint.
Batch example...
### Jython
AdminTask.listSTSEndpointTokenTypes('www.ibm.tokenservice/Ecommerce/')
Interactive example...
### Jython
AdminTask.listSTSEndpointTokenTypes('-interactive')
unassignSTSEndpointTokenType
The unassignSTSEndpointTokenType command is used to unassign an endpoint from its token provider.
Target object
Specify the endpointURI object of the endpoint to unassign from a given token provider. An exception is raised if the specified endpoint has not been assigned a token provider.
Required parameters
-LocalName
Specify the local name of the token provider configuration to unassign from the specified endpoint. (String, required)
Optional parameters
-issuer
Specify the URI of the issuer in the token provider assignment to remove. (String, optional)
Return value
The command returns a success or failure message.
Batch mode example usage
- Jython string:
AdminTask.unassignSTSEndpointTokenType('www.ibm.tokenservice/Ecommerce/','[-LocalName tokenType2]')
- Use Jython list:
AdminTask.unassignSTSEndpointTokenType('www.ibm.tokenservice/Ecommerce/', ['-LocalName', 'tokenType2'])
Interactive example...
### Jython
AdminTask.unassignSTSEndpointTokenType('-interactive')
updateSTSEndpointTokenType
The updateSTSEndpointTokenType command is used to assign a different token provider to a specified endpoint.
Target object
Specify the endpointURI object of the endpoint to update. An exception is raised if the specified endpoint has not been assigned a token provider.
Required parameters
-LocalName
Specify the local name of the token provider to assign to the specified endpoint. If the token provider configuration does not exist, you will receive an error message. If this parameter is not specified, the default token provider is used. (String, optional)
Optional parameters
None
Return value
The command returns a success or failure message.
Batch example...
- Jython string:
AdminTask.updateSTSEndpointTokenType('www.ibm.tokenservice/Ecommerce/', '[-LocalName tokenType2]')
- Use Jython list:
AdminTask.updateSTSEndpointTokenType('www.ibm.tokenservice/Ecommerce/', ['-LocalName', 'tokenType2'])
Interactive example...
### Jython
AdminTask.updateSTSEndpointTokenType('-interactive')
addSTSProperty
The addSTSProperty command adds a new property for the trust service.
Target object
Specify a unique name for the new property (string, required).
Required parameters
-propertyValue
Value of the property to add. (String, required)
Optional parameters
None
Return value
The command returns a success or failure message.
Batch example...
- Jython string:
AdminTask.addSTSProperty('pluginSCTVersion', '[-propertyValue 2.0]')
- Use Jython list:
AdminTask.addSTSProperty('pluginSCTVersion', ['-propertyValue', '2.0'])
Interactive example...
### Jython
AdminTask.addSTSProperty('-interactive')
deleteSTSProperty
The deleteSTSProperty command deletes an existing property from the trust service.
Target object
Specify the name of the property to delete.
Required parameters
None
Optional parameters
None
Return value
The command returns a success or failure message.
Batch mode example usage
### Jython
AdminTask.deleteSTSProperty('pluginSCTVersion')
Interactive example...
### Jython
AdminTask.deleteSTSProperty('-interactive')
editSTSProperty
The editSTSProperty command modifies an existing property for the trust service.
Target object
Specify the name of the property to edit. (String, required)
Required parameters
-propertyValue
New value for the property of interest. (String, required)
Optional parameters
None
Return value
The command returns a success or failure message.
Batch example...
- Jython string:
AdminTask.editSTSProperty('pluginSCTVersion', '[-propertyValue 2.1]')
- Use Jython list:
AdminTask.editSTSProperty('pluginSCTVersion', ['-propertyValue', '2.1'])
Interactive example...
### Jython
AdminTask.editSTSProperty('-interactive')
listSTSProperties
The listSTSProperties command lists all existing properties and their corresponding values for the trust service.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns a java.util.Properties instance that contains the names and values of the properties.
Batch example...
### Jython
AdminTask.listSTSProperties()
Interactive example...
### Jython
AdminTask.listSTSProperties('-interactive')
refreshSTS
The refreshSTS command refreshes your trust service configuration changes without restarting the application server.
Target object
None
Required parameters
None
Optional parameters
None
Return value
The command returns a success or failure message.
Batch mode example usage
### Jython
AdminTask.refreshSTS()
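The create, assign, save, and refresh sequence described on this page, put together as an added example (not IBM sample code). The function name `provision_token_type` is hypothetical, `AdminConfig.save()` and `AdminConfig.reset()` are standard wsadmin calls that this page does not document, and the values are this page's own sample values.

```python
# Added example, not IBM sample code. Syntax is limited to what both Jython
# (wsadmin -lang jython) and CPython accept. Values reuse this page's samples.

def provision_token_type(admin_task, admin_config, local_name, uri,
                         handler_factory, endpoint_uri, lifetime_minutes):
    """Create a token provider, bind it to one endpoint, save, then reload.

    admin_task / admin_config are wsadmin's AdminTask and AdminConfig objects,
    passed in so the function can also be exercised with stand-ins.
    Returns the messages returned by each STSManagement command, in order.
    """
    messages = []
    try:
        # Explicit lifetime instead of relying on the 120-minute default.
        messages.append(admin_task.createSTSTokenTypeConfiguration(
            local_name,
            ['-URI', uri, '-HandlerFactory', handler_factory,
             '-lifetimeMinutes', str(lifetime_minutes)]))
        # State the documented defaults explicitly: tokens are neither
        # postdatable nor renewable after expiration.
        messages.append(admin_task.updateSTSTokenTypeConfiguration(
            local_name,
            ['-postdatable', 'false', '-renewableAfterExpiration', 'false']))
        # Returns an error if the endpoint already has a token provider.
        messages.append(admin_task.assignSTSEndpointTokenType(
            endpoint_uri, ['-LocalName', local_name]))
    except:
        # Assumption: AdminConfig.reset() (standard wsadmin, not documented on
        # this page) discards the unsaved workspace so nothing partial remains.
        admin_config.reset()
        raise
    # Configuration changes are only committed by a save.
    admin_config.save()
    # Reload the trust service so the change applies without a server restart.
    messages.append(admin_task.refreshSTS())
    return messages


# wsadmin supplies AdminTask and AdminConfig as globals; outside wsadmin
# (for example when this file is imported for testing) nothing is executed.
if globals().get('AdminTask') is not None:
    provision_token_type(
        globals()['AdminTask'], globals()['AdminConfig'],
        'myTokenType', 'http://ibm.com/tokens/schema/myTokenType',
        'test.ibm.samples.myTokenType', 'www.ibm.tokenservice/Ecommerce/', 100)
```

Afterwards, listSTSEndpointTokenTypes with the same endpoint URI should return the local name that was assigned.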