Configure trust service endpoint targets

The Trust Service manages tokens on behalf of service endpoints. A token provider is either explicitly or implicitly associated with each service endpoint. A specific token can be explicitly assigned to be issued when access to an endpoint is requested. Otherwise, the Trust Service Default token is issued.


Before beginning

The Web Services Secure Conversation specification defines the protocol for a client to establish a secure session with a target service. The security token service that WebSphere Application Server provides, referred to as the trust service, issues only the Security Context Token (SCT). The security context token is used for Web Services Secure Conversation (WS-SecureConversation). This task describes how to create new or manage existing assignments of tokens to be issued for endpoint targets. We can create explicit assignments for new service endpoints (targets) or manage existing token assignments.

To complete the configuration for the trust service, you must have performed the following tasks:

The order in which you complete these tasks is not important.

Depending on your assigned security role when security is enabled, you might not have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the application server.

  1. To configure new and existing trust service endpoint targets, click Services > Trust service > Targets. A list of all service endpoints that have a security token provider explicitly defined is displayed. By default, the token provider assigned as the Trust Service Default handles requests to issue tokens for access to an endpoint.

  2. Click one of the following actions to manage a new or existing endpoint target configuration:

    New Assignment

    Opens a new panel where we can specify a custom service endpoint URL and explicitly assign the token provider, which is specified as the Trust Service Default, to be issued for access to the endpoint.

    Change Token

    Changes an explicitly assigned token to be issued for the service endpoint to the security context token. Select an endpoint and then click Change Token. Select the Security Context Token.

    Change Token also removes the explicit assignment of a token to be issued, so that the token that is issued is inherited from the Trust Service Default. Select an endpoint and then click Change Token. Click Inherit Default to remove a token provider assignment for the selected endpoint and to return the issued token to be the token specified as the Trust Service Default. If the token that is issued is inherited, the endpoint is no longer displayed in the list because the token provider is no longer explicitly assigned to the endpoint.

  3. Click the token name link for an existing endpoint target to modify the token provider configuration information. We can modify the token type schema URI, or change custom properties.

  4. Save your changes before applying the changes to the Web Services Security runtime configuration.

  5. Click Update Runtime to update the Web Services Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window is displayed depends on whether you select the Show confirmation for update runtime command check box. Expand Preferences to view the check box.

  6. Optional: Confirm or click Cancel when the confirmation window appears. If you deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.


Results

When you complete these steps, the service endpoint URL displays in the Targets collection, unless you changed the token to inherit the default value. We can also configure the trust service to issue tokens for individual endpoint targets using wsadmin. The wsadmin tool examples are written in the Jython scripting language.
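The console procedure above, sketched as a wsadmin Jython script; this is an added example, not IBM's code. It compares the explicitly assigned targets against an inventory and saves and refreshes the runtime only when something changed. The AdminTask commands are from the STSManagement command group, with their argument shapes and the line-per-endpoint return format taken as assumptions to check against the command reference; the endpoint URLs and the file name are constructed.

```python
# Run inside wsadmin:  wsadmin -lang jython -f sts_targets.py  (file name is hypothetical)
SCT = "Security Context Token"  # token name as shown on this page

# Constructed sample inventory: endpoints that must have an explicit assignment.
WANTED = [
    "http://host.example.com:9080/OrderService",
    "http://host.example.com:9080/BillingService",
]

def assigned_endpoints(task):
    """Endpoints with an explicit token assignment (the Targets list)."""
    # Assumption: the command returns one endpoint URL per line.
    raw = task.listSTSAssignedEndpoints() or ""
    return [ln.strip() for ln in raw.splitlines() if ln.strip()]

def reconcile(task, wanted, token=SCT, prune=0):
    """Assign missing targets; report (and optionally unassign) unexpected ones."""
    current = assigned_endpoints(task)
    added, extra = [], []
    for url in wanted:
        if url not in current:
            task.assignSTSEndpointTokenType(url, '[-LocalName "%s"]' % token)
            added.append(url)
    for url in current:
        if url not in wanted:
            extra.append(url)  # explicit assignment that is not in the inventory
            if prune:
                # Counterpart of Inherit Default: back to the Trust Service Default.
                task.unassignSTSEndpointTokenType(url)
    return added, extra

def sync(task, config, wanted, prune=0):
    """Save and refresh the runtime only when something actually changed."""
    added, extra = reconcile(task, wanted, prune=prune)
    changed = 0
    if added or (prune and extra):
        config.save()      # step 4: save before updating the runtime
        task.refreshSTS()  # assumed scripted counterpart of Update Runtime
        changed = 1
    return added, extra, changed

try:
    AdminTask  # defined only inside wsadmin
except NameError:
    pass
else:
    print(sync(AdminTask, AdminConfig, WANTED))
```

With prune left at 0 the script only reports unexpected explicit assignments, which is the safer mode for a first audit of an existing cell.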


What to do next

You have completed the required steps to create or manage existing trust service targets, to assign the security token provider to an endpoint target, and to update the Web Services Security runtime configuration. Next, if we have not completed these tasks already, configure the security context token provider or configure attachments to the policy set and binding to complete the trust service configuration.


Subtopics

  • Assigning a new target for the trust service
    We can associate a security token provider with a service endpoint using the dmgr console. After entering the service endpoint URL, the token provider configured as the Trust Service Default is explicitly associated with the service endpoint.
  • Trust service targets page
    Use this page to view a list of targets, which are application server service endpoints. We can manage tokens by specifying which token is to be issued when access to a specific endpoint is requested.
  • Trust service targets settings
    Use this page to specify a custom service endpoint Universal Resource Locator (URL) and to assign a custom token type to the endpoint URL.


Related


Associate token providers with endpoint services (targets) using wsadmin.sh


Reference


Administrative roles

