You can use the wsadmin tool to configure and manage trust association configurations in
global security or in multiple security domain environments. Trust association enables the
integration of application server security with third-party security servers. Examples that use
trust association are web single sign-on (SSO) and reverse proxy.
Before you begin
You must meet the following requirements before configuring trust association for a security
domain:
- You must have the administrator or new admin role.
- Enable global security in your environment.
- Configure multiple realms using security domains in your environment.
Procedure
- Launch the wsadmin scripting tool using the Jython scripting
language. See the Starting the wsadmin scripting client article for
more information.
- Enable trust association.
The following Jython command enables trust association for the
testDomain security
domain:
AdminTask.configureTrustAssociation('-securityDomainName testDomain -enable true')
- Configure the trust association interceptors.
- Use the configureInterceptor command to add a custom interceptor. The
following Jython command uses the configureInterceptor command to configure a
custom interceptor for the testDomain security
domain.
AdminTask.configureInterceptor('-interceptor com.company.customInterceptor -securityDomainName testDomain -customProperties ["p1=value1","p2=value2"]')
- Use the configureInterceptor command to modify an existing interceptor. The
following Jython command uses the configureInterceptor command to modify a custom
interceptor for the testDomain security
domain.
AdminTask.configureInterceptor('-interceptor com.company.customInterceptor -securityDomainName testDomain -customProperties ["p1=value1.1","p2=value3"]')
- Use the configureInterceptor command to add or modify the SAML SSO
interceptor. The following Jython command uses the configureInterceptor command
to configure the SAML SSO interceptor for the testDomain security
domain:
AdminTask.configureInterceptor('-interceptor com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor '
    '-securityDomainName testDomain -customProperties ["sso_1.sp.acsUrl=https://company.com/was1/samlsps/sso1Sp",'
    '"sso_1.sp.filter=request-url%=snoop","sso_1.sp.login.error.page=https://company.com/idP1/login.aspx",'
    '"sso_1.sp.acsErrorPage=https://company.com/index.html","sso_2.sp.acsUrl=https://company.com/was1/samlsps/sso2Sp",'
    '"sso_2.sp.filter=request-url%=appA","sso_2.sp.login.error.page=https://company.com/idP2/login.aspx",'
    '"sso_2.sp.acsErrorPage=https://company.com/index.html"]')
- Save your configuration changes.
Use the following command example to save your configuration
changes:
AdminConfig.save()
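The SAML SSO interceptor step above takes one long, hand-typed property list, where a property is easily filed under the wrong sso_<id> prefix. The following added example (not IBM's code) builds that argument from a per-partner mapping and checks it first. The helper names, the https-only rule and the required sp.acsUrl check are assumptions of this example, and it assumes a wsadmin Jython level of 2.7.

```python
# Added example (not IBM code): build and check the SAML interceptor's
# -customProperties argument before passing it to AdminTask.configureInterceptor.
SAML_TAI = 'com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor'
URL_PROPS = ('sp.acsUrl', 'sp.login.error.page', 'sp.acsErrorPage')


def saml_custom_properties(partners):
    """Map {index: {property: value}} to ['sso_<index>.<property>=<value>', ...]."""
    props = []
    for index in sorted(partners):
        settings = partners[index]
        # Assumed policy for this example: each partner needs an ACS URL,
        # and every URL-valued property must be https.
        if 'sp.acsUrl' not in settings:
            raise ValueError('sso_%d is missing sp.acsUrl' % index)
        for name in sorted(settings):
            value = settings[name]
            if name in URL_PROPS and not value.startswith('https://'):
                raise ValueError('sso_%d.%s is not an https URL' % (index, name))
            if '"' in value:  # would break the quoting of the property list
                raise ValueError('sso_%d.%s contains a double quote' % (index, name))
            props.append('sso_%d.%s=%s' % (index, name, value))
    return props


def interceptor_args(domain, props):
    """Format the single argument string that configureInterceptor expects."""
    quoted = ','.join(['"%s"' % p for p in props])
    return ('-interceptor %s -securityDomainName %s -customProperties [%s]'
            % (SAML_TAI, domain, quoted))


# Constructed input mirroring the two partners configured on this page.
PARTNERS = {
    1: {'sp.acsUrl': 'https://company.com/was1/samlsps/sso1Sp',
        'sp.filter': 'request-url%=snoop',
        'sp.login.error.page': 'https://company.com/idP1/login.aspx',
        'sp.acsErrorPage': 'https://company.com/index.html'},
    2: {'sp.acsUrl': 'https://company.com/was1/samlsps/sso2Sp',
        'sp.filter': 'request-url%=appA',
        'sp.login.error.page': 'https://company.com/idP2/login.aspx',
        'sp.acsErrorPage': 'https://company.com/index.html'},
}
ARGS = interceptor_args('testDomain', saml_custom_properties(PARTNERS))

# AdminTask exists only inside wsadmin; anywhere else, just show the argument.
if 'AdminTask' in globals():
    AdminTask.configureInterceptor(ARGS)
else:
    print(ARGS)
```

Saving the change is still a separate step, as in the procedure above.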