
Trusted ID evaluator configuration settings

Use this information to configure trusted identity (ID) evaluators.

This administrative console page applies only to JAX-RPC applications.

To view this administrative console page for trusted ID evaluators on the cell level:

  1. Click Security > JAX-WS and JAX-RPC security runtime.

  2. Under Additional properties, click Trusted ID evaluators.

  3. Click New to create a trusted ID evaluator or click the name of an existing configuration to modify its settings.

To view this administrative console page for trusted ID evaluators on the server level:

  1. Click Servers > Server Types > WebSphere application servers > server.

  2. Under Security, click security runtime.

    Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.

  3. Under Additional properties, click Trusted ID evaluators.

  4. Click New to create a trusted ID evaluator or click the name of an existing configuration to modify the settings.

To view this administrative console page for trusted ID evaluators on the application level:

  1. Click Applications > Application Types > WebSphere enterprise applications > application_name.

  2. Under Modules, click Manage modules > URI_name.

  3. Under Web Services Security Properties, click Web services: Server security bindings.

  4. Under Request receiver binding, click Edit.

  5. Click Trusted ID evaluators.

  6. Click New to create a trusted ID evaluator or click Delete to delete a trusted ID evaluator.

Important: Trusted ID evaluators are only required for the request consumer (Version 6.x applications), if identity assertion is configured.

We can specify one of the following options:

None

Choose this option if we are not specifying a trusted ID evaluator.

Existing evaluator definition

Choose this option to specify a currently defined trusted ID evaluator.

Binding evaluator definition

Choose this option to specify a new trusted ID evaluator. A description of the required fields follows.


Trusted ID evaluator name

Name used by the application binding to refer to a trusted identity (ID) evaluator defined in the default binding.


Trusted ID evaluator class name

Class name of the trusted ID evaluator.

The specified trusted ID evaluator class name must implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface. The default TrustedIDEvaluator class is com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl. When we use this default TrustedIDEvaluator class, specify the name and the value properties for the default trusted ID evaluator to create the trusted ID list for evaluation.

To specify the name and value properties:

  1. Under Additional properties, click Properties > New.

  2. Specify the trusted ID evaluator name as the property name. The name must be in the form trustedId_n, where _n is an integer from zero (0) to n.

  3. Specify the trusted ID as the property value.

For example:

property name="trustedId_0", value="CN=Bob,O=ACME,C=US"
property name="trustedId_1", value="user1"

If a distinguished name (DN) is used, the space is removed for comparison.
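
The following added example models the trusted ID list described above so the matching rule can be tried against sample identities; it is not IBM's code and not the TrustedIDEvaluatorImpl class. The class name TrustedIdListModel, the sample inputs, and the assumptions that every space is stripped, that matching is otherwise exact, and that property names outside the trustedId_n form are ignored are all illustrative.

```java
import java.util.*;

// Added example: a stand-alone model of the trustedId_n list described above.
// It is NOT com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl.
public class TrustedIdListModel {
    private final Set<String> trusted = new HashSet<>();

    // Assumption: every space is stripped before comparison and the match is
    // otherwise exact (case-sensitive); the page only says the space is removed.
    static String normalize(String id) {
        return id.replace(" ", "");
    }

    // Collect the values of properties named trustedId_<integer>.
    // Assumption: keys that do not fit that form are ignored.
    public TrustedIdListModel(Map<String, String> props) {
        for (Map.Entry<String, String> e : props.entrySet()) {
            if (e.getKey().matches("trustedId_\\d+")) {
                trusted.add(normalize(e.getValue()));
            }
        }
    }

    // True when the asserting identity is on the trusted list.
    public boolean evaluate(String assertingId) {
        return assertingId != null && trusted.contains(normalize(assertingId));
    }

    public static void main(String[] args) {
        Map<String, String> props = new LinkedHashMap<>();
        props.put("trustedId_0", "CN=Bob,O=ACME,C=US"); // values from the page
        props.put("trustedId_1", "user1");
        props.put("trustedID_2", "user2"); // constructed: misspelled property name

        TrustedIdListModel model = new TrustedIdListModel(props);

        String[] samples = { // constructed inputs
            "CN=Bob, O=ACME, C=US", // same DN written with spaces after commas
            "user1",
            "user2",                // only configured under the misspelled key
            "CN=Bob,O=ACME,C=GB",   // different country component
        };
        for (String s : samples) {
            System.out.printf("%-24s -> %s%n", s,
                    model.evaluate(s) ? "trusted" : "rejected");
        }
    }
}
```

Under this model, two DNs that differ only in spacing are treated as the same identity, which is worth keeping in mind when reviewing the configured list for unintended matches.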

Information    Value
Default        com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl

See the programming model information in the documentation for an explanation of how to implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface.

  • Configure trusted ID evaluators on the server or cell level
  • Trusted ID evaluator collection