Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Welcome to scripting for web services > Configure web services applications using wsadmin.sh > Configure secure sessions between clients and services using wsadmin.sh

Associate token providers with endpoint services (targets) using wsadmin.sh

We can use wsadmin.sh, which supports the Jython and Jacl scripting languages, to manage the association of endpoints and tokens. Use this topic to query, assign, and unassign the association of a token provider with an endpoint Uniform Resource Identifier (URI). Before you can assign and manage endpoint configurations, at least one token provider configuration and a web service must exist. Use the STSManagement group of commands to specify a custom service endpoint Uniform Resource Identifier (URI) and to assign and unassign the association of trust service token providers with endpoint configurations. Complete the steps in this topic to query the trust service for the existing endpoint configuration, associate the default token with an endpoint, and unassociate a token from an endpoint. We can perform these steps in any order.

Procedure

• Associate a token with a specific endpoint.

  1. View a list of all endpoint URIs that are currently associated with a token provider.

     Before invoking changes on your endpoint configurations, use the following listSTSAssignedEndpoints command to examine your current settings:

     AdminTask.listSTSAssignedEndpoints()
     

     If the endpoint of interest is currently associated with a token, do not use the assignSTSEndpointTokenType command.

     To update the token that is associated with the endpoint, use the updateSTSEndpointTokenType command in the next step.

  2. Associate a token with an endpoint.

     Use the assignSTSEndpointTokenType command to specify the token to issue for access to a specific endpoint. You do not need to specify the name of the token provider to assign if the token provider is set as the default configuration. For example, the following command assigns the security context token default token to the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:

     AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')
     

     If security context token is not the default token provider, use the following command:

     AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '-LocalName security context token')
     

     The command returns a message indicating the success of the operation.

  3. Save the configuration changes.

     Use the following command to save your changes:

     AdminConfig.save()
     

  4. Reload the modified configuration changes.

     Use the following command to force the trust service to reload your modified configuration without restarting the application server:

     AdminTask.refreshSTS()
     

• Disassociate a token from an endpoint.
  1. Examine the current endpoint configuration.

     Use the listSTSAssignedEndpoints to view a list of each endpoint URI with assigned token providers, as the following example describes:

     AdminTask.listSTSAssignedEndpoints()
     

     The following sample output is displayed:

     'http://www.mycompany.com:8080/Ecommerce/Catalog'
     

  2. Choose the endpoint to edit.

     Use the querySTSEndpointTokenType to return the token provider associated with the endpoint of interest. Enter the following command to view the token provider associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:

     AdminTask.querySTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')
     

     The following sample output is displayed:

     'security context token'
     

  3. Disassociate the token type from the endpoint.

     Use the unassignSTSEndpointTokenType command to disassociate the token provider and endpoint configuration. The following command removes the security context token token provider that is associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:

     AdminTask.unassignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '-LocalName security context token')
     

     The command returns a message indicating the success of the operation.

  4. Save the configuration changes.

     Use the following command to save your changes:

     AdminConfig.save()
     

  5. Reload the modified configuration changes.

     Use the following command to force the trust service to reload your modified configuration without restarting the service:

     AdminTask.refreshSTS()
     

Configure trust service endpoint targets
Configure secure sessions between clients and services using wsadmin.sh
Query the trust service using wsadmin.sh
Manage existing token providers using wsadmin.sh
Add and remove token provider custom properties using wsadmin.sh

Related

STSManagement command group

+

Search Tips   |   Advanced Search