Assigning a new target for the trust service using the administrative console
We can associate a security token provider with a service endpoint using the administrative console. After entering the service endpoint URL, the token provider configured as the Trust Service Default is explicitly associated with the service endpoint.
The Web Services Secure Conversation specification defines the protocol for a client to establish a secure session with a target service. The security token service that WebSphere Application Server provides, referred to as the trust service, issues the Security Context Token (SCT). The security context token is required for Web Services Secure Conversation (WS-SecureConversation).
This task describes how to register a service endpoint (target) with the trust service. Registration of an service endpoint with the trust service initially associates the token provider configured as the Trust Service Default with that service endpoint.
To complete the configuration for the trust service, you must have completed the following tasks:
- Manage the Security Context Token.
- Create or manage service endpoint URLs to attach to the policy set and binding.
The order in which you complete these tasks is not important.
- To configure a custom endpoint target, click Services > Trust service > Targets > New Assignment.
- At the New assignment panel, enter the Universal Resource Locator (URL) for the service endpoint, and click Assign. We are returned to the Targets panel where the custom service endpoint URL is displayed in the list. Initially, the token that is explicitly assigned to the custom endpoint is the token assigned as the Trust Service Default.
- At the Targets panel, select the check box for a service endpoint, click Change Token, and select one of the following:
- Security Context Token (SCT). A security context token is defined by the WS-SecureConversation specification.
- Inherit Default if we want the token that is issued to be the token assigned as the Trust Service Default. The endpoint is not displayed in the list when the assignment is inherited because the token is no longer explicitly assigned to the endpoint.
- At the targets panel, click the token name link for an existing endpoint target to modify the token provider configuration information.
- Save the changes before applying the changes to the Web Services Security runtime configuration.
- Click Update Runtime to update the Web Services Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window is displayed depends on whether you select the Show confirmation for update runtime command check box. Expand Preferences to view the check box.
- Optional: Confirm or click Cancel when the confirmation window appears. If we deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.
Results
When you complete these steps, service endpoints explicitly associated with a token provider are displayed in the Targets collection. Service endpoints that have been changed to inherit the token provider configured as the Trust Service Default are not displayed. We can also configure the security token service to issue a specific token for access to a target using the wsadmin tool. The wsadmin tool examples are written in the Jython scripting language.
What to do next
You have completed the required steps to create a service endpoint URL, to assign the token to be issued for access to the target, and to update the Web Services Security runtime configuration. Next, if we have not completed these tasks already, configure the Security Context Token provider or configure attachments to the policy set and binding to complete the trust service configuration.
Related tasks
Modify the security context token provider configuration for the trust service using the administrative console
Associate token providers with endpoint services (targets)
Related reference