
Manage existing token providers using wsadmin.sh

You can use the wsadmin tool, which supports the Jython and Jacl scripting languages, to manage the trust service. Use this topic to modify token provider configuration data, and to add custom properties.

You must have an existing token provider configured in the trust service. Use the commands in the STSManagement group of the AdminTask object to modify existing configuration data.

Use the updateSTSTokenTypeConfiguration command to update existing properties for a specific token provider configuration. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens.

This topic includes examples for modifying existing non-custom configuration data.

  1. Determine the token provider configuration to edit.

    Enter the following command to view the list of names of the configured token providers:

      AdminTask.listSTSConfiguredTokenTypes()
  2. Review the current configuration data for the token provider configuration to edit.

    Enter the following command to view a Properties object containing all non-custom configuration data for the Security Context Token token provider:

      AdminTask.querySTSTokenTypeConfigurationDefaultProperties('Security Context Token')
  3. Update the token provider configuration with new configuration data.

    Determine which parameters to update in your configuration, using the following table as a reference:

    Command parameters. Run the updateSTSTokenTypeConfiguration command with parameters to update the token provider configuration.

    LocalName
        Unique token provider name as the target object of the command.
        Data type: String, required

    -HandlerFactory
        Configuration class name, including package information.
        Data type: String, required

    -URI
        Unique token type schema URI.
        Data type: String, required

    -lifetimeMinutes
        Amount of time, in minutes, the token is valid.
        Data type: Integer, optional
        Default: 120 (minutes)
        Minimum: 10 (minutes)

    -renewalWindowMinutes
        Amount of time after the token expires during which the token can be renewed.
        Data type: Integer, optional
        Default: 120 (minutes)
        Minimum: 10 (minutes)

    -postdatable
        Set to true to specify that tokens of the token provider are valid at a later time. Tokens can be created with or without a future start time.
        Data type: Boolean, optional
        Default: false

    -distributedCache (deprecated)
        Set to true to enable distributed cache. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens.
        Data type: Boolean, optional
        Default: false

    -renewableAfterExpiration
        Set to true to specify that tokens of the token provider are renewable after expiration.
        Data type: Boolean, optional
        Default: false

    -tokenCacheFactory (deprecated)
        Fully qualified class name for the token provider. The secure conversation token handler class does not recognize this parameter.
        Data type: String, optional
        Default: com.ibm.ws.wssecurity.platform.websphere.trust.server.sts.ext.cache.STSTokenCacheFactoryImpl

    Use the updateSTSTokenTypeConfiguration command to update the configuration data for the Security Context Token token provider. The following example changes the time the token is valid from 60 minutes to 100 minutes, disables token renewal after expiration, and enables distributed caching:

      AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-lifetimeMinutes 100 -renewableAfterExpiration false -distributedCache true]')

    The command returns a message indicating the success or failure of the operation.

  4. Save your configuration changes.

    To save your changes:

  5. Reload the modified configuration changes.

    To force the trust service to reload your modified configuration without restarting the application server:

      AdminTask.refreshSTS()
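
The update, save, and reload steps above can be wrapped in a pre-flight check that enforces the limits from the parameter table before anything reaches the trust service. This is an added example, not IBM's code: the helper names are hypothetical, AdminConfig.save() is the standard wsadmin save call (this page's step 4 does not show a command), and the admin objects are passed in as arguments so the validation can also be exercised outside wsadmin.

```python
# Added example: helper names are hypothetical; only the AdminTask/AdminConfig
# methods called here are real wsadmin calls.
MINUTE_MINIMUMS = {'lifetimeMinutes': 10, 'renewalWindowMinutes': 10}  # from the table
BOOLEAN_PARAMS = ('postdatable', 'renewableAfterExpiration', 'distributedCache')


def build_update_args(params, custom_token=False):
    """Check params against the documented limits; return (arg_string, warnings)."""
    parts, warnings = [], []
    for name in sorted(params):
        value = params[name]
        if name in MINUTE_MINIMUMS:
            # bool is an int subclass in Python, so reject it explicitly
            if isinstance(value, bool) or not isinstance(value, int):
                raise ValueError('-%s must be an integer number of minutes' % name)
            if value < MINUTE_MINIMUMS[name]:
                raise ValueError('-%s is below the %d minute minimum'
                                 % (name, MINUTE_MINIMUMS[name]))
        elif name in BOOLEAN_PARAMS:
            if not isinstance(value, bool):
                raise ValueError('-%s must be True or False' % name)
            if name == 'distributedCache':
                if custom_token:
                    raise ValueError('-distributedCache must not be set for custom tokens')
                warnings.append('-distributedCache is deprecated and modifies the '
                                'WS-Security distributed cache configuration')
        else:
            raise ValueError('parameter not handled by this example: -%s' % name)
        parts.append('-%s %s' % (name, str(value).lower()))
    return '[' + ' '.join(parts) + ']', warnings


def update_provider(admin_task, local_name, params, custom_token=False):
    """Step 3: validate first, then update. Returns (message, warnings)."""
    args, warnings = build_update_args(params, custom_token)
    message = admin_task.updateSTSTokenTypeConfiguration(local_name, args)
    return message, warnings


def save_and_reload(admin_task, admin_config):
    """Steps 4 and 5: persist the change, then reload the trust service."""
    admin_config.save()
    admin_task.refreshSTS()


# Inside wsadmin (Jython), pass the built-in objects:
#   msg, warns = update_provider(AdminTask, 'Security Context Token',
#                                {'lifetimeMinutes': 100, 'renewableAfterExpiration': False})
#   save_and_reload(AdminTask, AdminConfig)   # after checking msg
```

Validation raises before any AdminTask call is made, so a rejected value leaves the existing token provider configuration untouched.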


Related


Configure secure sessions between clients and services using wsadmin.sh
Querying the trust service using wsadmin.sh
Add and remove token provider custom properties using wsadmin.sh
Associate token providers with endpoint services (targets) using wsadmin.sh


Reference:

Trust service token provider settings
STSManagement command group for AdminTask

