Configure trust association using scripting
Use the wsadmin tool to configure and manage trust association configurations in a multiple security domain environment. Trust association enables the integration of the application server security and third-party security servers. More specifically, a reverse proxy server can act as a front-end authentication server while the product applies its own authorization policy onto the resulting credentials passed by the proxy server.
We must meet the following requirements before configuring a trust association:
- We must have the administrator or new admin role.
- Enable global security in the environment.
- Configure multiple realms using security domains in the environment.
Tasks
- Launch the wsadmin scripting tool using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.
- Configure a trust association.
Use the configureTrustAssociation command to enable the trust association. We can also use this command to create or modify a trust association interceptor.
The following Jython command creates a trust association for the testDomain security domain and configures the trust association to act as a reverse proxy server:
AdminTask.configureTrustAssociation('-securityDomainName testDomain -enable true')- Configure the trust association interceptor.
Use the configureInterceptor command to modify an existing interceptor. The following Jython command uses a WebSEAL interceptor to configure single sign-on for the testDomain security domain:
AdminTask.configureInterceptor('[-interceptor com.ibm.ws.security.web.TAMTrustAssociationInterceptorPlus -securityDomainName testDomain -customProperties ["com.ibm.websphere.security.trustassociation.types=webseal", "com.ibm.websphere.security.webseal.loginId=websealLoginID", "com.ibm.websphere.security.webseal.id=iv-user"]]')- Save the configuration changes.
AdminConfig.save()
Related:
Trust associations Configure SSO using trust association Configure security domains using scripting Mapping resources to security domains using scripting Removing resources from security domains using scripting Removing security domains using scripting Start the wsadmin scripting client SecurityConfigurationCommands