Manage existing token providers using wsadmin.sh
Use the wsadmin tool, which supports the Jython and Jacl scripting languages, to manage the trust service. Use this topic to modify token provider configuration data, and to add custom properties.
An existing token provider must be configured in the trust service.
Use the commands in the STSManagement group of the AdminTask object to modify existing configuration data.
Use the updateSTSTokenTypeConfiguration command to update existing properties for a specific token provider configuration. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens.
This topic includes examples for modifying existing non-custom configuration data.
Tasks
- Determine the token provider configuration to edit.
Enter the following command to view the list of names of the configured token providers:
AdminTask.listSTSConfiguredTokenTypes()
- Review the current configuration data for the token provider configuration to edit.
Enter the following command to view a Properties object containing all non-custom configuration data for the Security Context Token token provider:
AdminTask.querySTSTokenTypeConfigurationDefaultProperties('Security Context Token')
- Update the token provider configuration with new configuration data.
Determine which parameters to update in the configuration, using the following table as a reference:
| Parameter | Description | Data type |
| --- | --- | --- |
| LocalName | Unique token provider name as the target object of the command. | String, required |
| -HandlerFactory | Configuration class name, including package information. | String, required |
| -URI | Unique token type schema URI. | String, required |
| -lifetimeMinutes | Amount of time, in minutes, that the token is valid. | Integer, optional. Default: 120 (minutes). Minimum: 10 (minutes) |
| -renewalWindowMinutes | Amount of time after the token expires during which the token can be renewed. | Integer, optional. Default: 120 (minutes). Minimum: 10 (minutes) |
| -postdatable | Set to true to specify that tokens of the token provider are valid at a later time. Tokens can be created with or without a future start time. | Boolean, optional. Default: false |
| -distributedCache (deprecated) | Set to true to enable distributed cache. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens. | Boolean, optional. Default: false |
| -renewableAfterExpiration | Set to true to specify that tokens of the token provider are renewable after expiration. | Boolean, optional. Default: false |
| -tokenCacheFactory (deprecated) | The fully qualified class name for the token provider. The secure conversation token handler class does not recognize this parameter. | String, optional. Default: com.ibm.ws.wssecurity.platform.websphere.trust.server.sts.ext.cache.STSTokenCacheFactoryImpl |
Use the updateSTSTokenTypeConfiguration command to update the configuration data for the Security Context Token token provider. The following example changes the time that the token is valid from 60 minutes to 100 minutes, disables token renewal after expiration, and enables distributed caching:
AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-lifetimeMinutes 100 -renewableAfterExpiration false -distributedCache true]')
The command returns a message indicating the success or failure of the operation.
- Save the configuration changes.
To save the changes:
AdminConfig.save()
- Reload the modified configuration changes.
To force the trust service to reload your modified configuration without restarting the application server:
AdminTask.refreshSTS()
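The update step above, with the limits from the parameter table checked before the command is issued. This is an added example, not code from the product documentation: build_update_options and update_token_provider are hypothetical helper names, and rejecting string values that contain whitespace or brackets is an assumption made so the bracketed option string stays well formed.

```python
# Added example (not from the product documentation); helper names are hypothetical.
# Limits and deprecations mirror the parameter table on this page.
MIN_MINUTES = {'lifetimeMinutes': 10, 'renewalWindowMinutes': 10}
BOOLEANS = ('postdatable', 'distributedCache', 'renewableAfterExpiration')
STRINGS = ('HandlerFactory', 'URI', 'tokenCacheFactory')
DEPRECATED = ('distributedCache', 'tokenCacheFactory')


def build_update_options(params, custom_token=False):
    """Validate params; return (option_string, warnings) or raise ValueError."""
    if not params:
        raise ValueError('no parameters to update')
    parts, warnings = [], []
    for name in sorted(params):
        value = params[name]
        if name in MIN_MINUTES:
            if isinstance(value, bool) or not isinstance(value, int):
                raise ValueError('-%s must be an integer' % name)
            if value < MIN_MINUTES[name]:
                raise ValueError('-%s minimum is %d minutes' % (name, MIN_MINUTES[name]))
            text = str(value)
        elif name in BOOLEANS:
            if not isinstance(value, bool):
                raise ValueError('-%s must be True or False' % name)
            text = ('false', 'true')[value]
        elif name in STRINGS:
            text = str(value)
            # Assumption: reject characters that would break the [-name value] string.
            if not text or [c for c in text if c.isspace() or c in '[]']:
                raise ValueError('-%s has an unsafe value' % name)
        else:
            raise ValueError('unknown parameter -%s' % name)
        if name == 'distributedCache' and custom_token:
            raise ValueError('-distributedCache must not be set for custom tokens')
        if name in DEPRECATED:
            warnings.append('-%s is deprecated' % name)
        parts.append('-%s %s' % (name, text))
    return '[' + ' '.join(parts) + ']', warnings


def update_token_provider(local_name, params, admin_task=None, custom_token=False):
    """Dry run when admin_task is None; inside wsadmin pass admin_task=AdminTask."""
    options, warnings = build_update_options(params, custom_token)
    result = None
    if admin_task is not None:
        result = admin_task.updateSTSTokenTypeConfiguration(local_name, options)
    return options, warnings, result
```

Inside wsadmin, pass admin_task=AdminTask, then run AdminConfig.save() and AdminTask.refreshSTS() as in the steps above.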