Add and remove token provider custom properties using wsadmin.sh
Use the wsadmin tool, which supports the Jython and Jacl scripting languages, to administer the trust service. Set internal system configuration properties for your token provider configuration by adding or removing custom properties.
You must have an existing token provider configured for the trust service.
Use custom properties to set internal system configuration properties and specify these properties using the customProperties parameter. Custom properties are arbitrary name and value pairs of data, where the name can be a property key or a class implementation, and where the value might be a string or Boolean value. Use this topic and the commands in the STSManagement group for the AdminTask object to add or remove custom properties from the configuration with the Jython scripting language.
Tasks
- Add new custom properties to a specific token provider configuration.
Use the updateSTSTokenTypeConfiguration command to add or update custom properties in your token provider configuration. Do not use the updateSTSTokenTypeConfiguration command to remove custom properties. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens.
- Launch a scripting command. To learn more, see the information about starting the wsadmin scripting client.
- Determine the token provider configuration to edit.
Enter the following command to view a list of the names for each configured token provider:
AdminTask.listSTSConfiguredTokenTypes()
- Review the configured custom properties for the token provider of interest.
Enter the following command to view a properties object containing custom configuration data for the Security Context Token token provider:
AdminTask.querySTSTokenTypeConfigurationCustomProperties('Security Context Token')
- Add custom properties to the token provider configuration.
Use the updateSTSTokenTypeConfiguration command to add the configuration data for the Security Context Token token provider. Use the following example to add the com.ibm.ws.security.webChallengeIfCustomSubjectNotFound custom property with a value of false and the com.ibm.ws.security.defaultLoginConfig custom property with a value of system.DEFAULT to the configuration:
AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-customProperties [[com.ibm.ws.security.webChallengeIfCustomSubjectNotFound false] [com.ibm.ws.security.defaultLoginConfig system.DEFAULT]] ]')
The command returns a message indicating the success or failure of the operation.
- Save the configuration changes.
To save the changes:
AdminConfig.save()
- Reload the modified configuration changes.
To force the trust service to reload your modified configuration without restarting the application server:
AdminTask.refreshSTS()
- Edit custom properties for a specific token provider configuration.
- View configured custom properties for the token provider of interest.
Enter the following command to view a properties object containing custom configuration data for the Security Context Token token provider:
AdminTask.querySTSTokenTypeConfigurationCustomProperties('Security Context Token')
- Modify the configuration data for the token provider of interest.
Use the updateSTSTokenTypeConfiguration command to modify the existing configuration data for the Security Context Token token provider. In this example, the Security Context Token token provider configuration includes the com.ibm.ws.security.webChallengeIfCustomSubjectNotFound custom property with a value of false and the com.ibm.ws.security.defaultLoginConfig custom property with a value of system.DEFAULT. The following command changes the value of the com.ibm.ws.security.defaultLoginConfig custom property from system.DEFAULT to system.CUSTOM and does not change any other configured custom properties:
AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-customProperties [[com.ibm.ws.security.defaultLoginConfig system.CUSTOM]]]')
The command returns a message indicating the success or failure of the operation.
- Save the configuration changes.
To save the changes:
AdminConfig.save()
- Reload the modified configuration changes.
To force the trust service to reload your modified configuration without restarting the application server:
AdminTask.refreshSTS()
- Remove custom properties from token provider configurations.
- View configured custom properties for the token provider of interest.
Enter the following command to view a properties object containing custom configuration data for the Security Context Token token provider:
AdminTask.querySTSTokenTypeConfigurationCustomProperties('Security Context Token')
- Delete the custom property from the token provider configuration.
Use the deleteSTSTokenTypeConfigurationCustomProperties command to delete custom properties from the configuration. Specify the names of the custom properties to remove using the propertyNames parameter. If the specified name does not exist in the configuration, no configuration changes are made. The following command removes the com.ibm.ws.security.webChallengeIfCustomSubjectNotFound and com.ibm.ws.security.defaultLoginConfig custom properties from the Security Context Token token provider configuration:
AdminTask.deleteSTSTokenTypeConfigurationCustomProperties('Security Context Token', '[-propertyNames com.ibm.ws.security.webChallengeIfCustomSubjectNotFound com.ibm.ws.security.defaultLoginConfig]')
The command returns a message indicating the success or failure of the operation.
- Save the configuration changes.
To save the changes:
AdminConfig.save()
- Reload the modified configuration changes.
To force the trust service to reload your modified configuration without restarting the service:
AdminTask.refreshSTS()
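The three tasks above can be combined into one reconciliation step. The following is an added example, not code from the original page or from IBM: it compares the current custom properties with a desired set and builds the update argument and the separate delete argument, because the update command must not be used for removals. The function names plan_changes and apply_changes are hypothetical, the current dictionary is assumed to be filled in by the operator from the query command's output, and rejecting names or values that contain whitespace or brackets is a conservative assumption about the bracketed argument syntax.

```python
# Added example, not IBM code. Intended for wsadmin -lang jython, where the
# AdminTask and AdminConfig objects are passed in; the planning function is
# pure, so it can also be checked under plain Python.
import re

# Conservative assumption: names and values must be single tokens, because the
# bracketed argument string is delimited by whitespace and brackets.
_TOKEN = re.compile(r'^[^\s\[\]]+$')

def _check(token):
    if not _TOKEN.match(token):
        raise ValueError('unsafe token for wsadmin argument: %r' % (token,))
    return token

def plan_changes(current, desired):
    """Return (update_arg, delete_arg); either is None when there is nothing to do.

    current: dict of custom properties now set on the token provider.
    desired: dict of custom properties that should exist afterwards.
    """
    changed = sorted([k for k in desired if current.get(k) != desired[k]])
    removed = sorted([k for k in current if k not in desired])
    update_arg = delete_arg = None
    if changed:
        pairs = ' '.join(['[%s %s]' % (_check(k), _check(desired[k])) for k in changed])
        update_arg = '[-customProperties [%s]]' % pairs
    if removed:
        delete_arg = '[-propertyNames %s]' % ' '.join([_check(k) for k in removed])
    return update_arg, delete_arg

def apply_changes(admin_task, admin_config, token_type, update_arg, delete_arg):
    """Issue the page's commands in order: update, delete, save, refresh."""
    if update_arg is None and delete_arg is None:
        return False  # nothing changed, so skip the save and the reload
    if update_arg:
        admin_task.updateSTSTokenTypeConfiguration(token_type, update_arg)
    if delete_arg:
        admin_task.deleteSTSTokenTypeConfigurationCustomProperties(token_type, delete_arg)
    admin_config.save()
    admin_task.refreshSTS()
    return True
```

Inside wsadmin, call apply_changes(AdminTask, AdminConfig, 'Security Context Token', update_arg, delete_arg) with the values returned by plan_changes.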