Manage existing token providers using wsadmin.sh
We can use wsadmin.sh, which supports the Jython and Jacl scripting languages, to manage the trust service. Use this topic to modify token provider configuration data, and to add custom properties.
We must have an existing token provider configured in the trust service.
Use the commands in the STSManagement group of the AdminTask object to modify existing configuration data.
Use the updateSTSTokenTypeConfiguration command to update existing properties for a specific token provider configuration. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens.
This topic includes examples for modifying existing non-custom configuration data.
Procedure
- Determine the token provider configuration to edit.
Enter the following command to view the list of names of the configured token providers:
    AdminTask.listSTSConfiguredTokenTypes()
- Review the current configuration data for the token provider configuration to edit.
Enter the following command to view a Properties object containing all non-custom configuration data for the security context token token provider:
    AdminTask.querySTSTokenTypeConfigurationDefaultProperties('security context token')
- Update the token provider configuration with new configuration data.
Determine which parameters to update in your configuration, using the following table as a reference:
Command parameters. Run the updateSTSTokenTypeConfiguration command with parameters to update the token provider configuration.

| Parameter | Description | Data type |
|---|---|---|
| LocalName | Unique token provider name as the target object of the command. | String, required |
| -HandlerFactory | Configuration class name, including package information. | String, required |
| -URI | Unique token type schema URI. | String, required |
| -lifetimeMinutes | Amount of time, in minutes, that the token is valid. | Integer, optional. Default: 120 (minutes). Minimum: 10 (minutes) |
| -renewalWindowMinutes | Specifies the amount of time after the token expires during which the token can be renewed. | Integer, optional. Default: 120 (minutes). Minimum: 10 (minutes) |
| -postdatable | Set to true to specify tokens of the token provider are valid at a later time. Tokens can be created with or without a future start time. | Boolean, optional. Default: false |
| -distributedCache (deprecated) | Set to true to enable distributed cache. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens. | Boolean, optional. Default: false |
| -renewableAfterExpiration | Set to true to specify tokens of the token provider are renewable after expiration. | Boolean, optional. Default: false |
| -tokenCacheFactory (deprecated) | Specifies the fully qualified class name for the token provider. The secure conversation token handler class does not recognize this parameter. | String, optional. Default: com.ibm.ws.wssecurity.platform.websphere.trust.server.sts.ext.cache.STSTokenCacheFactoryImpl |

Use the updateSTSTokenTypeConfiguration command to update the configuration data for the security context token token provider. The following example changes the time that the token is valid from 60 minutes to 100 minutes, disables token renewal after expiration, and enables distributed caching:
    AdminTask.updateSTSTokenTypeConfiguration('security context token', '[-lifetimeMinutes 100 -renewableAfterExpiration false -distributedCache true]')
The command returns a message indicating the success or failure of the operation.
- Save the configuration changes.
Use the following command to save your changes:
    AdminConfig.save()
- Reload the modified configuration changes.
Use the following command to force the trust service to reload your modified configuration without restarting the application server:
    AdminTask.refreshSTS()
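
The following is an added example, not IBM code: it checks requested settings against the limits in the parameter table (10 minute minimum, no -distributedCache for custom tokens, deprecated parameters flagged) before running the update, save and reload steps in order. The function names build_update_args and apply_update are hypothetical; it is plain Python so the checks can run outside wsadmin, and inside wsadmin the AdminTask and AdminConfig objects are passed as the first two arguments of apply_update.

```python
# Added example, not IBM code. Function names are hypothetical; the three
# wsadmin calls in apply_update() are the ones used in the procedure above.
MIN_MINUTES = 10  # minimum from the parameter table
INT_PARAMS = ('lifetimeMinutes', 'renewalWindowMinutes')
BOOL_PARAMS = ('postdatable', 'distributedCache', 'renewableAfterExpiration')
STRING_PARAMS = ('HandlerFactory', 'URI', 'tokenCacheFactory')
DEPRECATED = ('distributedCache', 'tokenCacheFactory')


def build_update_args(params, custom_token=False):
    """Validate params against the table; return (argument string, warnings)."""
    parts, warnings = [], []
    for name, value in params.items():
        if name in INT_PARAMS:
            # bool is a subclass of int in Python, so exclude it explicitly
            if isinstance(value, bool) or not isinstance(value, int):
                raise ValueError('-%s must be an integer' % name)
            if value < MIN_MINUTES:
                raise ValueError('-%s is below the %d minute minimum'
                                 % (name, MIN_MINUTES))
            text = str(value)
        elif name in BOOL_PARAMS:
            if not isinstance(value, bool):
                raise ValueError('-%s must be True or False' % name)
            if name == 'distributedCache' and custom_token:
                raise ValueError('do not set -distributedCache for custom tokens')
            text = str(value).lower()
        elif name in STRING_PARAMS:
            text = str(value)
            if not text or any(ch.isspace() for ch in text):
                raise ValueError('-%s must be non-empty without spaces' % name)
        else:
            raise ValueError('unknown parameter -%s' % name)
        if name in DEPRECATED:
            warnings.append('-%s is deprecated' % name)
        parts.append('-%s %s' % (name, text))
    return '[' + ' '.join(parts) + ']', warnings


def apply_update(admin_task, admin_config, local_name, params, custom_token=False):
    """Update, save, then reload, in the order the procedure gives."""
    args, warnings = build_update_args(params, custom_token)
    result = admin_task.updateSTSTokenTypeConfiguration(local_name, args)
    admin_config.save()
    admin_task.refreshSTS()
    return result, warnings
```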