Required security token settings
Specifies accepted stand-alone security tokens within a consumed message. Stand-alone security tokens are those not already used for signature or encryption. Defining a required security token means that messages containing a token of that type will be processed according to the usage assertion. The security token will not be used for authentication unless it is also specified within a caller.
Console path:
Service integration -> Web services -> WS-Security configurations -> v1-inbound-config_name -> [Request consumer] Required Security Token -> required-security-token_name.
Configuration tab
The Configuration tab shows configuration properties for this object. These property values are preserved even if the runtime environment is stopped then restarted.
General Properties
Name
The name of the security token.
Information Value Required Yes Data type String
URI
Namespace URI of the security token.
Namespace Uniform Resource Identifier (URI) of the security token within the consumed message.
If we specify a Username token or X.509 certificate security token, we do not have to specify a URI. If we specify a custom token, enter the URI of the QName for the value type. If we specify LTPA, enter the following WebSphere Application Server predefined value type URI: http://www.ibm.com/websphere/appserver/tokentype/5.0.2. If we specify LTPA propagation (LTPA_PROPAGATION), enter the following WAS predefined value type URI: http://www.ibm.com/websphere/appserver/tokentype.
Information Value Required No Data type String
Local name
Local name of the security token.
WAS has the following predefined local name value types:
- Username token
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken
- X509 certificate token
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
- # X509 certificates in a PKIPath
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1
- A list of X509 certificates and CRLs in a PKCS#7
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#PKCS7
- LTPA
- For LTPA, the local name value type is LTPA.
- LTPA_PROPAGATION
- For LTPA token propagation, the local name value type is LTPA_PROPAGATION.
- If we enter LTPA in the Local name field, we must also specify the URI value http://www.ibm.com/websphere/appserver/tokentype/5.0.2 in the URI field.
- If we enter LTPA_PROPAGATION in the Local name field, we must also specify the URI value http://www.ibm.com/websphere/appserver/tokentype in the URI field.
- If we enter any of the other predefined local name value types, we can leave the URI field blank. For example, to specify "Username token", enter http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken in the Local name field and do not enter a value in the URI field.
- If we specify a custom value type for a custom token, specify the local name and the URI of the Quality name (QName) of the value type. For example, we might enter Custom in the Local name field, and http://www.ibm.com/custom in the URI field.
Information Value Required Yes Data type String
Usage
Indicates the assertion of the required security token constraint.
Information Value Required Yes Data type drop-down list Range
- Optional
- Both messages that meet or do not meet the required integrity constraint are accepted.
- Required
- The required integrity constraint must be met by the incoming message.