
Trust service attachments collection

View information about or manage system policy set attachments and bindings. Endpoints with at least one operation directly attached to a policy set are displayed.

This page displays each endpoint that has at least one operation that is directly attached to a system policy set. The operations for other endpoints inherit the trust service default policy set and binding data. We can click New Attachment to create explicit attachments for endpoints not displayed, or click Attach to change the policy set for an operation. Changing the system policy set for an operation removes the binding data for that operation, and resets that data to the system default binding settings. We can also click Assign Binding to create a new binding configuration or change the existing binding configuration for the selected operation.

From the admin console, click Services > Trust service > Trust service attachments.

Depending on the assigned security role when security is enabled, we might not have access to text entry fields or buttons to create or edit configuration data. Review the administrative roles documentation to learn more about the valid roles for the application server.


Show confirmation for update runtime command

Enable or disable the display of the confirmation window before the Web Services Security runtime configuration is updated for supported tokens, targets, and trust service attachments.

Click Preferences to expand the information. We can select or clear the Show confirmation for update runtime command check box. If we do not select this check box, updates to the security runtime configuration are made without first displaying a confirmation window. If we select the check box, the confirmation window is displayed before updates to the security runtime configuration are made.

Information Value
Data type: Check box
Default: Enabled (check box is selected)


Retain filter criteria

Retain the filter criteria.

Click Preferences to expand the information. We can select or deselect the Retain filter criteria check box. This check box determines whether Endpoint URL is used as the filter criteria to reduce the displayed list of endpoints.

Information Value
Data type: String
Default: All (check box is not selected)


Search terms

Search criteria to use to reduce the displayed list of endpoints.

Click Preferences to expand the information. Type the search term we want to use in the Search terms field. Use the asterisk (*) as a wildcard character for all terms. We can also search for multiple unknown or partial characters within the term. For example, typing the search term par* returns partly, participate, partial, and all other terms beginning with the letters par.

Information Value
Data type: String
Default: * (search for all)


Select

To select an existing resource, such as an endpoint or an operation, for further actions.

For existing endpoints, select the check box next to an operation, and then select one of the following actions:

Actions Description
Attach: Display a list of policy sets available to be attached to an endpoint operation (cancel, reset, validate, or issue) or to one of the trust service default operations. Highlight and click the policy set to attach the policy set to the selected operation. We cannot attach a policy set to an endpoint.

Inherit operation defaults: Detaches the currently attached policy set and binding for each selected operation and sets the operation to inherit the trust service default policy set and binding for each operation.

Assign binding: Lists the bindings available to select for the policy set to which we want to attach the binding. We can also create a new binding.

  • Select Default to create and assign the system default binding to the selected policy set attachment. When we select this binding, the runtime uses the default binding for the server or cell, or for the security domain in a multiple security domain environment, to which the service resource is deployed.

  • Select New Trust Service Specific Binding to create a binding that is specific to the policy set and shares the characteristics of the policy set. This type of binding is reusable only for trust service attachments.

  • Select an existing general binding to assign the binding to the selected policy set attachment.

Multiple selection is valid only when all the resources have the same policy set attached.


New attachment

To create an explicit policy set attachment.

Click New Attachment to access a new panel where we can enter an endpoint URL to create attachments for each of the four endpoint operations of the provided URL. Initially, the attachment consists of the policy set and binding listed as the Trust Service Default for that operation.

Information Value
Data type: Button


Update runtime

Updates the trust service configuration for any changed attachments, targets, and token information.

If the Show confirmation for update runtime command preference is enabled, then a panel is displayed where we can confirm to update the trust service configuration. If the preference is disabled, the trust service configuration is updated immediately without any confirmation.

Information Value
Data type: Button


Service endpoint URL / Operation

Display a list of the trust service default operation attachments and every service endpoint URL that has at least one operation with a policy set attached.

Each endpoint has four operations: issue, cancel, renew, and validate. Each of the operations for all other endpoints inherits the trust service default policy set and binding.

When the URL in the trust service attachment does not match the URL to which the trust service request is sent, the policy set defined in the attachment is not applied. Instead, IBM WebSphere Application Server uses the policy set that is attached to the default for the trust operation.

Information Value
Data type: String
Default: Trust Service Default
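
The fallback described above means a small difference between the attached URL and the request URL silently applies the default policy set instead of the intended one. The following is an added example, not IBM code, that models this resolution and flags near-miss URLs. It assumes the attachment URL is compared as an exact string; the function names, the sample URLs, and the CustomTrustPolicy name are hypothetical.

```python
from urllib.parse import urlsplit

OPERATIONS = ("issue", "cancel", "renew", "validate")
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample data; URLs and CustomTrustPolicy are hypothetical.
DEFAULTS = {op: "TrustServiceSecurityDefault" for op in OPERATIONS}
ATTACHMENTS = {
    "https://sts.example.test:443/trust/tokens": {"issue": "CustomTrustPolicy"},
}
OBSERVED = [
    ("https://sts.example.test:443/trust/tokens", "issue"),
    ("https://STS.example.test/trust/tokens/", "issue"),
    ("https://sts.example.test/trust/tokens/", "renew"),
    ("https://other.example.test/trust/tokens", "issue"),
]

def normalize(url):
    """Canonical form for spotting near-misses only (not the server's matching)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port, parts.path.rstrip("/") or "/")

def resolve(attachments, defaults, request_url, operation):
    """Assumed exact-string URL match; otherwise the operation default applies."""
    explicit = attachments.get(request_url, {}).get(operation)
    return (explicit, "explicit") if explicit else (defaults[operation], "inherited")

def audit(attachments, defaults, observed):
    """List requests that fell back to the default although a near-identical
    attachment URL carries a different policy set for the same operation."""
    by_norm = {}
    for url in attachments:
        by_norm.setdefault(normalize(url), []).append(url)
    findings = []
    for request_url, operation in observed:
        applied, source = resolve(attachments, defaults, request_url, operation)
        if source == "explicit":
            continue
        for attached_url in by_norm.get(normalize(request_url), []):
            intended = attachments[attached_url].get(operation)
            if intended and intended != applied:
                findings.append((request_url, operation, attached_url, intended, applied))
    return findings

if __name__ == "__main__":
    for finding in audit(ATTACHMENTS, DEFAULTS, OBSERVED):
        print("fallback to default:", finding)
```

Only the second sample request is reported: it differs from the attached URL in host case, implicit port, and trailing slash, so under the exact-match assumption it receives the default policy set rather than the attached one.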


Policy set

Display the attached or inherited policy set for each operation of all endpoint URLs. Any endpoint URL that is not displayed inherits the trust service default policy set for each operation. Provides a list of default and custom system policy sets that are attached to the service endpoint URL.

The policy set names are displayed in this column for each operation. If the policy set is inherited from the trust service default, rather than being explicitly attached, inherited is displayed in parentheses following the policy set name. Because only operations can have a policy set attachment, the Policy Set column for each endpoint URL row displays Not applicable.

Click the system policy set name to view or edit the policy set details. We can view, but not edit, the default policy sets.

Information Value
Data type: String
Defaults: TrustServiceSecurityDefault, TrustServiceSymmetricDefault or SystemWSSecurityDefault


Binding

Display the binding that is assigned to each policy set attachment for each operation of the listed endpoint URLs. Any endpoint URL that is not displayed inherits the trust service default binding for each of the four operations.

The name of the assigned binding for each policy set attachment is displayed in this column for each operation. If the attachment is inherited from the trust service default, inherited is displayed in parentheses following the binding name. If we select Assign Binding > Default, the system default binding is applied to the policy set attachment, and the word Default is displayed in this column. If the system default binding is inherited, then inherited is displayed in parentheses following Default.

The system default binding is also assigned when we attach a new policy set to an operation. Because only operations can have policy set attachments, the Binding column for each endpoint URL row displays Not applicable. Rows that are not directly related to a token and that display the trust service default show Not applicable for the binding. Likewise, rows that are not directly related to a token and that display only the service endpoint URL show Not applicable for the binding.

Click the trust service specific binding name to view or edit the binding information. We can view, but not edit, the TrustServiceSecurityDefault, TrustServiceSymmetricDefault or SystemWSSecurityDefault bindings.

Information Value
Data type: String
Default: TrustServiceSecurityDefault, TrustServiceSymmetricDefault or SystemWSSecurityDefault

  • Configure attachments for the trust service
  • Create a service endpoint attachment
  • Deleting application-specific bindings from the configuration
  • Trust service attachments settings
  • Administrative roles