
STSManagement (AdminTask)

STSManagement commands can be used to manage and query trust service token provider configurations and endpoint configurations. The STSManagement command group contains commands that allow you to configure existing token providers, assign token providers to endpoints, and modify general trust service configuration data. The commands in this group that perform configuration changes require that you execute the save command to commit the changes. No configuration changes are made if an exception is raised while a command executes.

Use the refreshSTS command, documented later on this page, to force the trust service to reload your modified configuration without restarting the application server.


createSTSTokenTypeConfiguration

Create a token provider configuration.

Target object:

Specify the LocalName object, which is used as an identifier for the various configurations. The value for the LocalName object must be unique.

Required parameters

-URI

The URI of the token provider. This value must be unique across all configuration token type URIs. (String, required)

-HandlerFactory

Provide the fully qualified class name of an implementation of the org.eclipse.higgins.sts.IObjectFactory interface. (String, required)

Optional parameters

-lifetimeMinutes

Maximum lifetime to assign to tokens issued by this token provider. The default value is 120 minutes. (Integer, optional)

-distributedCache

Whether to enable or disable distributed cache. Specify true to enable distributed cache capability. The default value is false. If you specify this option, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for this parameter for custom tokens. (Boolean, optional)

-tokenCacheFactory

Fully qualified class name for the token provider. The secure conversation token handler class does not recognize this parameter. (String, optional)

Return value

The command returns a success or failure message.

Batch mode example

Interactive mode


deleteSTSTokenTypeConfigurationCustomProperties

Remove custom properties from a token provider configuration.

Target object:

Specify the LocalName object of the token provider of interest.

Required parameters

None

Optional parameters

-propertyNames

Specify the names of the custom properties to delete from the configuration. If any of the specified properties do not exist in the configuration, you will receive an error message. (String[], optional)

Return value

The command returns a success or failure message.

Batch mode example

Interactive mode


listSTSConfiguredTokenTypes

List the local names of all configured token providers.

Target object: None

Required parameters

None

Optional parameters

None

Return value

The command returns the local names of all configured token providers.

Batch mode example

Interactive mode


querySTSDefaultTokenType

Determine the local name of the default token provider.

Target object: None

Required parameters

None

Optional parameters

None

Return value

The command returns the local name of the default token provider.

Batch mode example

Interactive mode


querySTSTokenTypeConfigurationDefaultProperties

Query the trust service for the non-custom properties of a token provider.

Target object:

Specify the LocalName object of the token provider to query.

Required parameters

None

Optional parameters

None

Return value

The command returns a java.util.Properties instance which contains the values of the non-custom properties. Non-custom properties include URI, HandlerFactory, lifetimeMinutes, distributedCache, postdatable, renewableAfterExpiration, and renewalWindowMinutes.

Batch mode example

Interactive mode


querySTSTokenTypeConfigurationCustomProperties

Query the trust service for the custom properties of a token provider.

Target object:

Specify the LocalName object of the token provider of interest.

Required parameters

None

Optional parameters

None

Return value

The command returns a java.util.Properties instance containing the values of the custom properties.

Batch mode example

Interactive mode


setSTSDefaultTokenType

Set the default token provider for the trust service.

Target object:

Specify the LocalName object of the token provider to set as the default.

Required parameters

None

Optional parameters

None

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode


updateSTSTokenTypeConfiguration

Update a token provider. All parameters are optional. The parameters specified are updated in the configuration if the property already exists. If the property does not exist, it is added to the configuration. To remove custom properties, use the deleteSTSTokenTypeConfigurationCustomProperties command.

Target object:

Specify the LocalName object of the token provider of interest.

Required parameters

None

Optional parameters

-URI

The URI of the token provider. This value must be unique across all configuration token type URIs. (String, optional)

-HandlerFactory

Provide the fully qualified class name of an implementation of the org.eclipse.higgins.sts.utilities.IObjectFactory interface. (String, optional)

-lifetimeMinutes

The maximum lifetime to assign to tokens issued by this token provider. The default value is 120 minutes. (Integer, optional)

-distributedCache

Whether to enable or disable distributed cache. Specify true to enable distributed cache capability. The default value is false. If you specify this option, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for this parameter for custom tokens. (Boolean, optional)

-postdatable

Set to true to allow tokens of this token provider to be valid starting at a future time. The default value is false. (Boolean, optional)

-renewableAfterExpiration

Set to true to allow tokens of this token provider to be renewable after expiration. The default value is false. (Boolean, optional)

-renewableWindowMinutes

Provide the number of minutes after a token has expired that a token of this token provider can be renewed. If this specified time has elapsed after expiration, then the token will no longer be available for renewal. The default value is 120 minutes. (Integer, optional)

-tokenCacheFactory

Fully qualified class name for the token provider. The secure conversation token handler class does not recognize this parameter. (String, optional)

-customProperties

Provide any additional custom properties. (java.util.Properties, optional)

Return value

The command returns a success or failure message.

Batch mode example

Interactive mode


removeSTSTokenTypeConfiguration

Remove a token provider configuration.

Target object:

Specify the LocalName object of the token provider of interest.

Required parameters

None

Optional parameters

None

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode


assignSTSEndpointTokenType

Assign the token provider to use when a specific endpoint is accessed.

Target object:

Specify the endpointURI object of the endpoint to which the token provider is assigned. If the specified endpoint has already been assigned a token provider, you will receive an error message.

Required parameters

None

Optional parameters

-LocalName

Specify the local name of the token provider to assign to the specified endpoint. If the token provider configuration does not exist, you will receive an error message. If this parameter is not specified, the default token provider is used. (String, optional)

-issuer

Specify the URI of the issuer that specifies the token provider to issue. This value can be null. (String, optional)

Return value

The command returns a success or failure message.

Batch mode example

Interactive mode


listSTSAssignedEndpoints

List the URIs of assigned endpoints.

Target object: None

Required parameters

None

Optional parameters

None

Return value

The command returns the URIs of all assigned endpoints.

Batch mode example

Interactive mode


listSTSEndpointTokenTypes

Query the Trust Service for the token provider assigned to a specific endpoint.

Target object:

Specify the endpointURI object of the endpoint to query. An exception is raised if the specified endpoint has not been assigned a token provider.

Required parameters

None

Optional parameters

None

Return value

The command returns the local name of the token provider assigned to the specified endpoint.

Batch mode example

Interactive mode


unassignSTSEndpointTokenType

Unassign an endpoint from its token provider.

Target object:

Specify the endpointURI object of the endpoint to unassign from a given token provider. An exception is raised if the specified endpoint has not been assigned a token provider.

Required parameters

-LocalName

Specify the local name of the token provider configuration to unassign from the specified endpoint. (String, required)

Optional parameters

-issuer

Specify the URI of the issuer in the token provider assignment to remove. (String, optional)

Return value

The command returns a success or failure message.

Batch mode example

Interactive mode


updateSTSEndpointTokenType

Assign a different token provider to a specified endpoint.

Target object:

Specify the endpointURI object of the endpoint to update. An exception is raised if the specified endpoint has not been assigned a token provider.

Required parameters

-LocalName

Specify the local name of the token provider to assign to the specified endpoint. If the token provider configuration does not exist, you will receive an error message. If this parameter is not specified, the default token provider is used. (String, optional)

Optional parameters

None

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode


addSTSProperty

Add a new property for the trust service.

Target object:

Specify a unique name for the new property. (String, required)

Required parameters

-propertyValue

Value of the property to add. (String, required)

Optional parameters

None

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode


deleteSTSProperty

Delete an existing property from the trust service.

Target object:

Specify the name of the property to delete.

Required parameters

None

Optional parameters

None

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode


editSTSProperty

Modify an existing property for the trust service.

Target object:

Specify the name of the property to edit. (String, required)

Required parameters

-propertyValue

New value for the property of interest. (String, required)

Optional parameters

None

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode


listSTSProperties

List all existing properties and their corresponding values for the trust service.

Target object: None

Required parameters

None

Optional parameters

None

Return value

The command returns a java.util.Properties instance containing the names and values of the properties.

Batch mode example

Interactive mode


refreshSTS

Refresh your trust service configuration changes without restarting the application server.

Target object: None

Required parameters

None

Optional parameters

None

Return value

The command returns a success or failure message.

Batch mode example usage
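
The following Jython script is an added example, not taken from the product documentation. It combines listSTSConfiguredTokenTypes, querySTSTokenTypeConfigurationDefaultProperties, updateSTSTokenTypeConfiguration and refreshSTS to audit and then tighten the settings that widen token validity. The admin_task and admin_config arguments stand for the wsadmin AdminTask and AdminConfig objects; the function names, the policy threshold and the return formats handled are assumptions.

```python
# Added example. Inside wsadmin (-lang jython) call, for instance:
#   audit_token_providers(AdminTask)
#   harden_token_provider(AdminTask, AdminConfig, "<LocalName>", 60)
# Assumed return shapes: a list or newline-separated string of local names,
# and java.util.Properties or its "{k=v, ...}" string form.

MAX_LIFETIME_MINUTES = 120  # documented default; replace with your policy limit


def _names(result):
    """Normalise a list-style command result to a list of local names."""
    if isinstance(result, (list, tuple)):
        return [str(n).strip() for n in result]
    return [n.strip() for n in str(result).splitlines() if n.strip()]


def _getter(result):
    """Return a key -> value lookup for a Properties-style command result."""
    if hasattr(result, "getProperty"):  # java.util.Properties under Jython
        return result.getProperty
    body = str(result).strip().strip("{}")
    pairs = [kv.split("=", 1) for kv in body.split(", ") if "=" in kv]
    return dict(pairs).get


def audit_token_providers(admin_task, max_lifetime=MAX_LIFETIME_MINUTES):
    """Return (local_name, finding) tuples for settings that widen validity."""
    findings = []
    for name in _names(admin_task.listSTSConfiguredTokenTypes()):
        get = _getter(
            admin_task.querySTSTokenTypeConfigurationDefaultProperties(name))
        lifetime = get("lifetimeMinutes")
        if lifetime is not None and int(lifetime) > max_lifetime:
            findings.append(
                (name, "lifetimeMinutes=%s exceeds %d" % (lifetime, max_lifetime)))
        for flag in ("postdatable", "renewableAfterExpiration"):
            if str(get(flag)).lower() == "true":
                findings.append((name, "%s=true" % flag))
    return findings


def harden_token_provider(admin_task, admin_config, name, lifetime):
    """Apply restrictive settings, then save and refresh the trust service."""
    args = ("[-lifetimeMinutes %d -postdatable false "
            "-renewableAfterExpiration false]" % lifetime)
    # An exception here propagates, so the save below never commits anything.
    admin_task.updateSTSTokenTypeConfiguration(name, args)
    admin_config.save()
    admin_task.refreshSTS()
```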


Related tasks

  • Secure requests to the trust service using system policy sets
  • Use the wsadmin scripting AdminTask object for scripted administration
  • Commands (AdminTask)