
Configure trust association

Use wsadmin.sh to configure and manage trust association configurations in a multiple security domain environment. Trust association enables the integration of application server security with third-party security servers. More specifically, a reverse proxy server can act as a front-end authentication server while the product applies its own authorization policy to the resulting credentials that are passed by the proxy server.

We must meet the following requirements before configuring a trust association:

  1. Launch the wsadmin scripting tool using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.

  2. Configure a trust association.

    Use the configureTrustAssociation command to enable the trust association. We can also use this command to create or modify a trust association interceptor.

    The following Jython command creates a trust association for the testDomain security domain and configures the trust association to act as a reverse proxy server:

      AdminTask.configureTrustAssociation('-securityDomainName testDomain -enable true')

  3. Configure the trust association interceptor.

    Use the configureInterceptor command to modify an existing interceptor. The following Jython command uses a WebSEAL interceptor to configure single sign-on for the testDomain security domain:

      AdminTask.configureInterceptor('[-interceptor com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus -securityDomainName testDomain -customProperties ["com.ibm.websphere.security.trustassociation.types=webseal", "com.ibm.websphere.security.webseal.loginId=websealLoginID", "com.ibm.websphere.security.webseal.id=iv-user"]]')

  4. Save the configuration changes.

    Use the following command example to save the configuration changes:
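
    Steps 2 through 4 as one wsadmin Jython script, ending with AdminConfig.save(). This is an added example, not code from the original page or from the product documentation. The helper names (check_token, interceptor_args, configure_tai) are hypothetical, and discarding the workspace with AdminConfig.reset() when a step fails is an assumption about the desired behaviour.

```python
# Added example: wsadmin Jython (also valid Python) for steps 2-4 above.
INTERCEPTOR = "com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus"
# Property names and values copied from step 3 on this page.
WEBSEAL_PROPS = [
    ("com.ibm.websphere.security.trustassociation.types", "webseal"),
    ("com.ibm.websphere.security.webseal.loginId", "websealLoginID"),
    ("com.ibm.websphere.security.webseal.id", "iv-user"),
]
UNSAFE = ' \t\n"\'[]'  # characters that would change how the arguments parse


def check_token(value):
    """Reject empty values and characters that would break the argument string."""
    if not value:
        raise ValueError("empty value")
    for ch in UNSAFE:
        if ch in value:
            raise ValueError("unsafe character %r in %r" % (ch, value))
    return value


def interceptor_args(domain, interceptor, props):
    """Build the configureInterceptor argument string in the page's format."""
    pairs = ['"%s=%s"' % (check_token(k), check_token(v)) for k, v in props]
    return "[-interceptor %s -securityDomainName %s -customProperties [%s]]" % (
        check_token(interceptor), check_token(domain), ", ".join(pairs))


def configure_tai(admin_task, admin_config, domain, props):
    """Run steps 2-4; discard unsaved workspace changes if any step fails."""
    try:
        admin_task.configureTrustAssociation(
            "-securityDomainName %s -enable true" % check_token(domain))
        admin_task.configureInterceptor(
            interceptor_args(domain, INTERCEPTOR, props))
    except:  # bare except so Java exceptions raised by wsadmin are caught too
        admin_config.reset()  # assumption: a half-applied change is unwanted
        raise
    admin_config.save()  # step 4: persist the workspace changes
    return True


try:
    AdminTask, AdminConfig  # these objects exist only inside wsadmin
except NameError:
    pass
else:
    configure_tai(AdminTask, AdminConfig, "testDomain", WEBSEAL_PROPS)
```

    Run it with wsadmin.sh -lang jython -f followed by the script file name.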


Related concepts

  • Trust associations

Related tasks

  • Configure single sign-on using trust association
  • Configure security domains
  • Mapping resources to security domains
  • Remove resources from security domains
  • Remove security domains
  • Start the wsadmin scripting client

  • SecurityConfigurationCommands (AdminTask)