+

Search Tips   |   Advanced Search

Token type settings

Use the administrative console to define the details about the token types. This panel is displayed differently for each different token type. Policies can be defined that specify which types of security tokens are supported as well as properties for the token type.

To view token types for a policy set:

  1. Click...

      Services > Policy sets > Application policy sets > policy_set_name

  2. Click the WS-Security policy in the Policies table.

  3. Click the Main policy link or the Bootstrap policy link.

  4. Click one of the following:

    • Request token policies from the Policy detail section.
    • Response token policies from the Policy detail section.
    • Symmetric signature and encryption policies from the Key symmetry section.
    • Asymmetric signature and encryption policies from the Key symmetry section.

  5. For a Request token policy or a Response token policy, click a token from the Supported Token Types table or click the Add Token Type button to select the type of token to add.

  6. For a symmetric signature and encryption policy or an asymmetric signature and encryption policy, click Edit Selected Type Policy.

This panel is displayed for each token type we are configuring or adding. It displays fields for some token types and not for others. This help topic contains all of the fields for each of the token types and describes which token is being configured for each field.


Custom token name

For a custom token, specify the name of the token being configured. Enter or edit the name for the custom token in this entry field.


Local name

For a custom token, specify the local name.

If the custom token type is used to generate a Kerberos token as defined in the OASIS Web Services Security Specification for Kerberos Token Profile v1.1, use one of the values in the following table for the local name. The value we choose depends on the specification level of the Kerberos token generated by the Key Distribution Center (KDC). The table lists the values and the specification level associated with each value. For purposes of interoperability, the Basic Security Profile V1.1 standard requires the use of the local name, http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ.

Local name value for Kerberos token Associated specification level
http://docs.oasis-open.org/wss/oasiswss- kerberos-token-profile-1.1#Kerb erosv5_AP_REQ Kerberos V5 AP-REQ as defined in the Kerberos specification. This value is used when the Kerberos ticket is an AP Request.
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message as defined in RFC-1964 [1964], Sec. 1.1 and its successor RFC-4121, Sec. 4.1. This value is used when the Kerberos ticket is an AP Request (ST + Authenticator).
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ1510 Kerberos V5 AP-REQ as defined in RFC1510. This value is used when the Kerberos ticket is an AP Request per RFC1510.
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510 GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message as defined in RFC-1964, Sec. 1.1 and its successor RFC-4121, Sec. 4.1. This value is used when the Kerberos ticket is an AP Request (ST + Authenticator) per RFC1510.
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ4120 Kerberos V5 AP-REQ as defined in RFC4120. This value is used when the Kerberos ticket is an AP Request per RFC4120.
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ4120 GSS-API Kerberos V5 mechanism token containing an KRB_AP_REQ message as defined in RFC-1964, Sec. 1.1 and its successor RFC-4121, Sec. 4.1. This value is used when the Kerberos ticket is an AP Request (ST + Authenticator) per RFC4120.


URI

For a custom token, specify the uniform resource identifier (URI).

Leave this field empty, if the custom token type is used to generate a Kerberos token as defined in the OASIS Web Services Security Specification for Kerberos Token Profile v1.1.


LTPA token name

For an LTPA token, specify the name of the token being configured. Enter or edit the name for the LTPA token in this entry field.


Propagate the JAAS subject

For an LTPA token, specify whether the associated JAAS subject is propagated. Select this check box to propagate the JAAS subject. The default is not selected. Therefore, the JAAS subject is not propagated by default.


Username token name

Specify the name of the token being configured. Enter or edit the name for the username token in this entry field.


WS-Security version

For a Username token, specify the version of Web Services Security, the WS-Security specification, used to secure the message transmission.

The following versions are available:


X.509 token name

For a X.509 token, specify the name of the token being configured. Enter or edit the name for the X.509 token in this entry field.


WS-Security version

For a X.509 token, specify the version of Web Services Security used to secure the message transmission.

The following versions are available:


X.509 type

For a X.509 token, specify the type of X.509 token being configured.

The following types are available for the X.509 token:


Secure conversation token

The secure conversation token is available only when using symmetric signature and encryption policies.


Require reference to secure context token issuer

For a secure conversation token, select this option to specify a reference to the issuer of the security context token.

After selecting the Require reference to secure context token issuer option, specify the URI of the security context token issuer.

  • Configure the WS-Security policy
  • Manage policy sets
  • Request or Response token policies collection
  • Asymmetric signature and encryption policies settings
  • Symmetric signature and encryption policies settings
  • Application policy sets collection
  • Application policy set settings