Associating token providers with endpoint services (targets) using wsadmin scripting
Use the wsadmin tool, which supports the Jython and Jacl scripting languages, to manage the association of endpoints and tokens. Use this topic to query, assign, and unassign the association of a token provider with an endpoint Uniform Resource Identifier (URI).
Before we can assign and manage endpoint configurations, at least one token provider configuration and a web service must exist.
Use the STSManagement group of commands to specify a custom service endpoint Uniform Resource Identifier (URI) and to assign and unassign the association of trust service token providers with endpoint configurations. Complete the steps in this topic to query the trust service for the existing endpoint configuration, associate the default token with an endpoint, and unassociate a token from an endpoint. We can perform these steps in any order.
Tasks
- Associate a token with a specific endpoint.
- View a list of all endpoint URIs that are currently associated with a token provider.
Before invoking changes on your endpoint configurations, use the following listSTSAssignedEndpoints command to examine your current settings:
AdminTask.listSTSAssignedEndpoints()If the endpoint of interest is currently associated with a token, do not use the assignSTSEndpointTokenType command. To update the token associated with the endpoint, use the updateSTSEndpointTokenType command in the next step.
- Associate a token with an endpoint.
Use the assignSTSEndpointTokenType command to specify the token to issue for access to a specific endpoint. We do not need to specify the name of the token provider to assign if the token provider is set as the default configuration. For example, the following command assigns the Security Context Token default token to the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:
AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')If Security Context Token is not the default token provider.
AdminTask.assignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '-LocalName Security Context Token')The command returns a message indicating the success of the operation.- Save the configuration changes.
To save the changes:
AdminConfig.save()- Reload the modified configuration changes.
To force the trust service to reload your modified configuration without restarting the application server:
AdminTask.refreshSTS()
- Disassociate a token from an endpoint.
- Examine the current endpoint configuration.
Use the listSTSAssignedEndpoints to view a list of each endpoint URI with assigned token providers, as the following example describes:
AdminTask.listSTSAssignedEndpoints()The following sample output is displayed:'http://www.mycompany.com:8080/Ecommerce/Catalog'- Choose the endpoint to edit.
Use the querySTSEndpointTokenType to return the token provider associated with the endpoint of interest. Enter the following command to view the token provider associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:
AdminTask.querySTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog')The following sample output is displayed:'Security Context Token'- Disassociate the token type from the endpoint.
Use the unassignSTSEndpointTokenType command to disassociate the token provider and endpoint configuration. The following command removes the Security Context Token token provider associated with the http://www.mycompany.com:8080/Ecommerce/Catalog endpoint URI:
AdminTask.unassignSTSEndpointTokenType('http://www.mycompany.com:8080/Ecommerce/Catalog', '-LocalName Security Context Token')The command returns a message indicating the success of the operation.- Save the configuration changes.
To save the changes:
AdminConfig.save()- Reload the modified configuration changes.
To force the trust service to reload your modified configuration without restarting the service:
AdminTask.refreshSTS()
Configure trust service endpoint targets Configure secure sessions between clients and services Query the trust service Manage existing token providers Add and remove token provider custom properties STSManagement