WAS v8.5 > Secure applications > Secure web services > Secure web services > Administer Web Services Security > Administer message-level security for JAX-WS web services > Secure requests to the trust service using system policy sets

Configure the security context token provider for the trust service

Configure the WebSphere Application Server trust service to issue a specific security token to the requestor for communication with an endpoint. Use the dmgr console to configure the security context token provider the trust service provides.

WAS provides a trust service. The trust service provides both a security token service and additional WAS trust-related functionality. To configure the trust service, in addition to managing the security context token provider, first complete the following tasks:

• Create or manage supported targets. We can create explicit assignments for new service endpoints (targets) or manage endpoints that have the security context token provider explicitly assigned or that inherit the token provider designated as the Trust Service default.

• Create or manage the attachment of token operations for service endpoints to policy sets and bindings.

The order in which you complete these tasks is not important. This task describes how to manage the security context token provider and how to define or modify the properties of the security context token provider.

Depending on your assigned security role when security is enabled, you might not have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the application server.

1. To manage the security context token provider, click Services > Trust service > Token providers.
2. To edit the settings of the security context token provider configuration, click the link for the token provider name. We cannot edit the name, class name, or token type schema URI when modifying the token provider information.
   1. The format of the token type schema Uniform Resource Identifier (URI) is in the standard URI format. For example, for a version 1.3 security context token, the URI is: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct

   2. Change the amount of time, in minutes, in the Time in cache after timeout field the expired token is kept in cache and where the token can still be renewed. Default is 120 minutes. This value cannot be less than 10 minutes.

   3. Change the amount of time, in minutes, in the Token timeout field the issued token is valid. Default is 10 minutes. This value cannot be less than 10 minutes.

   4. Select the Allow renewal after timeout check box to enable the renewal of a token after the token has expired. If selected, the amount of time, within which an expired token can still be renewed, is specified in minutes in the Time in cache after expiration field.

   5. Select the Allow postdated tokens check box to enable postdated tokens. Use postdated tokens to specify whether a client can request a token to become valid at a later time.

   6. Select the Support Secure Conversation Token v200502 to enable use of the older draft submission specification level of the security context token. The correct URI for this level of the token type schema appears in the field under the check box: http://schemas.xmlsoap.org/ws/2005/02/sc/sct.

   7. Click New to define a new custom property or click Edit to modify the custom property. Specify these settings using the Custom Properties setting. Custom properties are used to set internal system configuration properties. Custom properties are arbitrary name-value pairs of data, where the name might be a property key or a class implementation, and where the value might be a string or the value might be a true or false value.

   8. If you define a custom property, type a name. Refer to the documentation for the token provider for valid custom property names.

   9. If you define a custom property, type a value. Refer to the documentation for the token provider for the values for a property name.
   10. Repeat defining the name and the value for each custom property that you add.

   11. Click OK. You are returned to the Token providers panel.

3. Save your changes before applying the changes to the Web Services Security runtime configuration.

4. Click Update Runtime to update the Web Services Security runtime configuration with any data changes for token providers, trust service attachments, and targets. Whether the confirmation window is displayed depends on whether you select the Show confirmation for update runtime command check box. Expand Preferences to view the check box.

5. Optional: Confirm or click Cancel when the confirmation window appears. If you deselected the Show confirmation for update runtime command check box, all changes are made immediately without displaying the confirmation window.

Results

You have completed the required steps to modify the security context token provider configuration and to update the Web Services Security runtime configuration. We can also update the security context token provider configuration for the trust service using wsadmin. The wsadmin tool examples are written in the Jython scripting language.

Next, , you must also configure targets or configure attachments to complete the trust service configuration.

Subtopics

• Modify the security context token provider configuration for the trust service
  WAS provides a pre-configured token, the Security Context Token (SCT). Use the dmgr console to modify the configuration of the security context token provider.
• Disable the submission draft level for the security context token provider
  Use the dmgr console to configure the security context token provider the trust service provides. Two levels of the token are supported on WAS: the token defined by the WS-Trust February 2005 Submission Draft specification, and the token defined by the OASIS WS-Trust Standard version 1.3. We can disable a setting so the server will not accept a trust request that specifies the submission draft level of the token.
• Trust service token provider settings
  Use this page to modify information for an existing token provider.
• Trust service token providers page
  Use this page to view information about or manage token providers for the trust service.

Related concepts:

Security context token
Web Services Trust standard

Related

Manage existing token providers using wsadmin.sh

Reference:

Administrative roles

+

Search Tips   |   Advanced Search