Token type settings

Use the administrative console to define the details about the token types. This panel displays different fields for each token type.

You can view token types for a policy set using the following steps:
  1. Click Services > Policy sets > Application policy sets.
  2. Select a policy set name from the table.
  3. Select the WS-Security policies.
  4. Click Main policy or Bootstrap policy.
  5. Click one of the following:
    • Request token policies under the Request policies section.
    • Response token policies under the Response policies section.
    • Symmetric signature and encryption policies under the Key symmetry section.
    • Asymmetric signature and encryption policies under the Key symmetry section.
  6. For a Request token policy or a Response token policy, click a token from the Supported token types table or click the Add Token Type button to select the type of token to add.
  7. For a Symmetric signature and encryption policy or an Asymmetric signature and encryption policy, click the Edit Selected Type Policy action.
This product panel displays for each token type you are configuring or adding. It displays fields for some token types and not for others. This help panel contains all of the fields for each of the token types and describes which token is being configured for each field. The following token types are described in this help topic:
Custom token
Custom token name

Specifies the name of the token being configured. Enter or edit the name for the custom token in this entry field.

Local name

Specifies, when configuring the custom token type, the local name.

If the custom token type is used to generate a Kerberos token as defined in the OASIS Web Services Security Specification for Kerberos Token Profile v1.1, use one of the values listed below for the local name. The value you choose depends on the specification level of the Kerberos token generated by the Key Distribution Center (KDC). The table below lists the values and the specification level associated with each value. For purposes of interoperability, the Basic Security Profile v1.1 standard requires the use of the local name http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ.

| Local name value for Kerberos token | Associated specification level |
|---|---|
| http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ | Kerberos v5 AP-REQ as defined in the Kerberos specification. This value is used when the Kerberos ticket is an AP Request. |
| http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ | GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message as defined in RFC-1964 [1964], Sec. 1.1 and its successor RFC-4121, Sec. 4.1. This value is used when the Kerberos ticket is an AP Request (ST + Authenticator). |
| http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ1510 | Kerberos v5 AP-REQ as defined in RFC1510. This value is used when the Kerberos ticket is an AP Request per RFC1510. |
| http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510 | GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message as defined in RFC-1964, Sec. 1.1 and its successor RFC-4121, Sec. 4.1. This value is used when the Kerberos ticket is an AP Request (ST + Authenticator) per RFC1510. |
| http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ4120 | Kerberos v5 AP-REQ as defined in RFC4120. This value is used when the Kerberos ticket is an AP Request per RFC4120. |
| http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ4120 | GSS-API Kerberos V5 mechanism token containing a KRB_AP_REQ message as defined in RFC-1964, Sec. 1.1 and its successor RFC-4121, Sec. 4.1. This value is used when the Kerberos ticket is an AP Request (ST + Authenticator) per RFC4120. |

URI

Specifies, when configuring the custom token type, the uniform resource identifier (URI).

Leave this field blank if the custom token type is used to generate a Kerberos token as defined in the OASIS Web Services Security Specification for Kerberos Token Profile v1.1.
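
A small check for the two Kerberos rules above (local name taken from the table, URI left blank), as an added example that is not part of the product documentation. The function names, finding strings and sample records are constructed for illustration and do not correspond to a product API or export format.

```python
PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#"

# The six local name values listed in the table above.
KERBEROS_LOCAL_NAMES = {PROFILE + suffix for suffix in (
    "Kerberosv5_AP_REQ", "GSS_Kerberosv5_AP_REQ",
    "Kerberosv5_AP_REQ1510", "GSS_Kerberosv5_AP_REQ1510",
    "Kerberosv5_AP_REQ4120", "GSS_Kerberosv5_AP_REQ4120",
)}
# Local name that Basic Security Profile v1.1 requires for interoperability.
BSP_LOCAL_NAME = PROFILE + "GSS_Kerberosv5_AP_REQ"

UNKNOWN = "local name is not one of the six Kerberos Token Profile v1.1 values"
NOT_BSP = "local name is valid but is not the one Basic Security Profile v1.1 requires"
URI_SET = "URI must be left blank for a Kerberos token"


def check_custom_token(local_name, uri=""):
    """Return findings for one custom token type definition."""
    findings = []
    # Only definitions that look like Kerberos tokens are checked; other
    # custom tokens may use any local name and URI.
    if "kerberos" not in local_name.lower():
        return findings
    if local_name not in KERBEROS_LOCAL_NAMES:
        # Catches values damaged by copy and paste (stray spaces, lost hyphens).
        findings.append(UNKNOWN)
    elif local_name != BSP_LOCAL_NAME:
        findings.append(NOT_BSP)
    if uri.strip():
        findings.append(URI_SET)
    return findings


def audit(tokens):
    """Map token name -> findings, keeping only tokens that have findings."""
    report = {}
    for token in tokens:
        findings = check_custom_token(token["local_name"], token.get("uri", ""))
        if findings:
            report[token["name"]] = findings
    return report


# Constructed sample records (hypothetical names and values).
SAMPLE = [
    {"name": "krb_ok", "local_name": BSP_LOCAL_NAME, "uri": ""},
    {"name": "krb_4120", "local_name": PROFILE + "Kerberosv5_AP_REQ4120", "uri": ""},
    {"name": "krb_pasted", "local_name": PROFILE + "Kerb erosv5_AP_REQ",
     "uri": "http://example.com/ns"},
    {"name": "other", "local_name": "MyToken", "uri": "http://example.com/ns"},
]
```
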

LTPA token
LTPA token name

Specifies, for the LTPA token type, the name of the token being configured. Enter or edit the name for the LTPA token in this entry field.

Propagate the JAAS subject

Specifies, for the LTPA token type, whether the associated JAAS subject will be propagated. Select this check box to propagate the JAAS subject. The default value is not selected, so the JAAS subject is not propagated by default.

Username token
Username token name

Specifies the name of the token being configured. Enter or edit the name for the username token in this entry field.

WS-Security version

Specifies the version of Web services security (the WS-Security specification) that is used to secure the message transmission.

The following versions are available:

  • WS-Security 1.0
  • WS-Security 1.1
X.509 token
X.509 token name

Specifies, for the X.509 token type, the name of the token being configured. Enter or edit the name for the X.509 token in this entry field.

WS-Security version

Specifies the version of Web services security (the WS-Security specification) that is used to secure the message transmission.

The following versions are available:

  • WS-Security 1.0
  • WS-Security 1.1
X.509 type

Specifies, when you are configuring the X.509 token, the type of X.509 token being configured.

The following types are available for the X.509 token:

  • X.509 Version 1. This option is available with WS-Security Version 1.1 only.
  • X.509 Version 3
  • X.509 PKCS7
  • PKI Path Version 1
Secure conversation token

The Secure conversation token is available only when using Symmetric signature and encryption policies.

Key derivation requirements

Specifies whether derived keys are required or not.

From the menu, select one of the following options:

  • Do not require derived keys
  • Either explicit or implicit key derivation

Require reference to secure context token issuer

Select this option to specify a reference to the issuer of the Security context token.

After selecting the Require reference to secure context token issuer option, specify the Security context token issuer. The Security context token issuer specifies the URI of the issuer of the Security context token.

Require an external URI reference

Select this option to specify that an external URI reference is required when referencing the Security context token.






File name: uwbs_wsspstok.html