Network Deployment (Distributed operating systems), v8.0
Create a service endpoint attachment
We can attach the trust service operations for a new service endpoint URL to system policy sets and bindings. The operations for each new endpoint are attached to the Trust Service Default policy sets and bindings. Each new endpoint initially has the following four operations: issue, renew, cancel, and validate.
First define your policy sets and their bindings. Policy sets describe the protection or quality of service provided (such as message security, transport and so forth). Bindings specify some details about how to implement the policy set, such as: the path for the keystore file, the class name of the token generator, or the JAAS configuration name.
Only use system policy sets with the trust service. The requestor (client) must utilize only JAX-WS. Requestors that use Java API for XML-based remote procedure calls (JAX-RPC) are incompatible with the policy set QOS.
Attaching the trust service operations for a new endpoint to existing policy sets and bindings requires two steps. After initially attaching the endpoint, the following four operations are configured: issue, renew, cancel, and validate. These four operations explicitly attach to Trust Service Defaults. We can then modify these attachments to existing policy sets and bindings.
This task describes how to create or manage service endpoint URLs to attach to the policy set and binding.
To complete the configuration for the WAS trust service, also create or manage targets.
If no explicit bindings are attached, WAS uses the cell-level default binding, referred to as Default.
Procedure
- To view existing trust service attachments, click Services > Trust service > Trust service attachments. Until you create the first attachment, only the default attachments for each operation are displayed.
- To create an attachment, click New Attachment.
- Enter the service endpoint URL in a valid format. The URL in the trust service attachment must match the URL to which the trust service request is sent, including the case. When the two do not match, the policy set that is defined in the attachment is not applied. Instead, IBM WAS uses the policy set that is attached to the default for the trust operation.
For example, where demo is the endpoint, you might enter: http://localhost:9080/wssamplebeta/demo
- Click Attach to attach the URL and to return to the Trust service attachments panel. After you click Attach, the Trust service attachments panel displays the new service endpoint URL and the initial four operations. The service endpoint URL specified is listed in the Trust service attachments collection. These four token operations (cancel, renew, validate and issue) for the specified endpoint are initially attached to Trust Service Defaults.
- On the Trust service attachments panel, change the policy set or binding attachment, as needed. We can return any operation to its initial state by inheriting Trust Service Defaults.
Changing the policy set forces the binding to change to Default.
- Save your changes before applying the changes to the Web Services Security runtime configuration.
- Click Update Runtime to update the Web Services Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window appears depends on whether you selected the Show confirmation for update runtime command check box. Expand Preferences to view the check box.
- Optional: Confirm or cancel if the confirmation window appears. If you deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.
Results
You have provided the basic information to create a trust service attachment and to configure a policy set, a binding, and the operation information.
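The URL matching rule in the procedure means a one-character difference leaves an endpoint on the default policy set. The following check is an added example, not IBM or WAS code. It assumes the runtime does an exact, case-sensitive string comparison, and the policy set name and the request URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT = "Trust Service Defaults"  # fallback named on this page

# Constructed sample: the endpoint URL is the page's example; the policy
# set name "Example SCT policy" is hypothetical.
ATTACHMENTS = {
    "http://localhost:9080/wssamplebeta/demo": {
        "issue": "Example SCT policy",
        "renew": "Example SCT policy",
    },
}

def _loose(url):
    """Comparison key that ignores case and a trailing slash."""
    p = urlsplit(url.strip())
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port,
            p.path.rstrip("/").lower())

def effective_policy(attachments, request_url, operation):
    """Return (policy_set, warning) for one trust request.

    Assumption: the request URL is compared to the attachment URL as an
    exact, case-sensitive string.
    """
    ops = attachments.get(request_url)
    if ops is not None:
        # Operations left in their initial state inherit the defaults.
        return ops.get(operation, DEFAULT), None
    near = sorted(u for u in attachments if _loose(u) == _loose(request_url))
    warning = "differs only by case or trailing slash from " + ", ".join(near) if near else None
    return DEFAULT, warning

def audit(attachments, requests):
    """List (url, operation, warning) for requests that silently fall back."""
    findings = []
    for url, op in requests:
        _, warning = effective_policy(attachments, url, op)
        if warning:
            findings.append((url, op, warning))
    return findings

if __name__ == "__main__":
    observed = [  # constructed request URLs
        ("http://localhost:9080/wssamplebeta/demo", "issue"),
        ("http://localhost:9080/wssamplebeta/Demo", "issue"),
        ("http://localhost:9080/other/svc", "validate"),
    ]
    for finding in audit(ATTACHMENTS, observed):
        print(finding)
```

Run it against the endpoint URLs that requestors are actually configured with, and correct any attachment it flags before clicking Update Runtime.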
What to do next
We can also create a new attachment for the trust service using wsadmin. The wsadmin tool examples are written in the Jython scripting language.
Next, configure the security context token provider or configure targets to complete the trust service configuration.