Before you begin
Prior to completing this task, you must complete the following steps:
Why and when to perform this task
A security token represents a set of claims that are made by a client. This set of claims might include a name, password, identity, key, certificate, group, privilege, and so on. A security token is embedded in the Simple Object Access Protocol (SOAP) message within the SOAP header. The security token within the SOAP header is propagated from the message sender to the intended message receiver. On the receiving side, the security handler for WebSphere Application Server authenticates the security token and sets up the caller identity on the running thread.
Complete the following steps to configure a token consumer for either the client-side bindings in step 2 or the server-side bindings in step 3:
Steps for this task
jaas.config name | Value type |
---|---|
system.wssecurity.UsernameToken | Username Token |
system.wssecurity.IDAssertionUsernameToken | Username Token (for IDAssertion) |
system.wssecurity.X509BST | X509 certificate token |
system.wssecurity.PkiPath | X509 certificates in a PKIPath |
system.wssecurity.PKCS7 | X509 certificates and CRLs in a PKCS#7 |
The implementation is initialized with a list of trusted identity names. The trusted identities are specified as trustedIDEvaluator properties in the binding file. When a name is evaluated, it is checked against this list: if the name is in the list, it is trusted; if it is not in the list, it is not trusted.
Name | Value |
---|---|
com.ibm.wsspi.wssecurity.token.Username.verifyNonce | true |
com.ibm.wsspi.wssecurity.token.Username.verifyTimestamp | true |
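
What nonce and timestamp verification of a Username token involves in general, as an added example that is not IBM's code or WebSphere's implementation: a consumer-side check over a constructed SOAP message that follows the OASIS UsernameToken profile. The class and helper names, the 5-minute freshness window and the in-memory nonce cache are assumptions for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"wsse": WSSE, "wsu": WSU}
MAX_AGE = timedelta(minutes=5)  # assumed freshness window, not a WebSphere default


def sample_message(nonce_b64, created):  # constructed sample; Password element omitted
    return (
        '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
        f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><soapenv:Header><wsse:Security>'
        '<wsse:UsernameToken><wsse:Username>alice</wsse:Username>'
        f'<wsse:Nonce>{nonce_b64}</wsse:Nonce><wsu:Created>{created}</wsu:Created>'
        '</wsse:UsernameToken></wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>'
    )


class UsernameTokenChecker:
    """Conceptual nonce/timestamp verification for a WS-Security Username token."""

    def __init__(self, max_age=MAX_AGE):
        self.max_age = max_age
        self.seen = {}  # nonce bytes -> Created time; a real cache must be shared and bounded

    def check(self, soap_xml, now):
        token = ET.fromstring(soap_xml).find(".//wsse:Security/wsse:UsernameToken", NS)
        if token is None:
            return "reject: no UsernameToken in SOAP header"
        nonce = token.findtext("wsse:Nonce", default="", namespaces=NS).strip()
        created = token.findtext("wsu:Created", default="", namespaces=NS).strip()
        if not nonce or not created:
            return "reject: Nonce and Created are both required"
        try:
            nonce_raw = base64.b64decode(nonce, validate=True)
            created_at = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:  # binascii.Error is a ValueError subclass
            return "reject: malformed Nonce or Created"
        if abs(now - created_at) > self.max_age:
            return "reject: timestamp outside freshness window"
        # Forget nonces whose Created time can no longer pass the freshness check.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if nonce_raw in self.seen:
            return "reject: nonce replayed"
        self.seen[nonce_raw] = created_at
        return "accept: " + token.findtext("wsse:Username", default="", namespaces=NS)
```

The two checks depend on each other: the timestamp window bounds how long a nonce has to be remembered, so a replay is caught either by the cache or by the stale Created value.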
If you select the Certificate path reference option, complete the following steps:
What to do next
Configure the key information if this token consumer configuration is for an X.509 security token. For more information, see Configuring key information for the consumer binding with an assembly tool.
Related concepts
Trusted ID evaluator
Related tasks
Configuring the security token requirement in consumer security constraints
Configuring the security token in generator security constraints
Configuring key information for the consumer binding with an assembly tool