Configuring trust association using scripting

You can use the wsadmin tool to configure and manage trust association configurations in the global or multiple security domain environments. Trust association integrates application server security with third-party security servers, such as a reverse proxy or a web single sign-on (SSO) product: the third-party server authenticates the user, and a trust association interceptor (TAI) asserts that identity to the application server. Because the interceptor's word is taken in place of a password check, the interceptor classes and their properties must be configured carefully.

Before you begin

You must meet the following requirements before configuring trust association for a security domain:
  • You must have the administrator or new admin role.
  • Enable global security in your environment.
  • Configure multiple realms using security domains in your environment.

Procedure

  1. Launch the wsadmin scripting tool using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.
  2. Enable trust association.
    The following Jython command enables trust association for the testDomain security domain:
    AdminTask.configureTrustAssociation('-securityDomainName testDomain -enable true')
  3. Configure the trust association interceptors.
    • Use the configureInterceptor command to add a custom interceptor. The interceptor value is the fully qualified class name of the TAI implementation; customProperties is a list of "key=value" strings whose keys are defined by that interceptor. The following Jython command configures a custom interceptor for the testDomain security domain (the string is split with Jython's implicit literal concatenation so that it stays one command):
      AdminTask.configureInterceptor('-interceptor com.company.customInterceptor -securityDomainName testDomain '
          '-customProperties ["p1=value1","p2=value2"]')
    • Use the configureInterceptor command to modify an existing interceptor. Running the command again for an interceptor class that is already configured replaces its properties with the values given. The following Jython command changes the two properties set above:
      AdminTask.configureInterceptor('-interceptor com.company.customInterceptor -securityDomainName testDomain '
          '-customProperties ["p1=value1.1","p2=value3"]')
    • Use the configureInterceptor command to add or modify the SAML SSO interceptor. Each sso_N prefix describes one service provider partner: its assertion consumer service URL, the request filter that selects which requests the interceptor handles (%= is the filter "contains" operator, so request-url%=snoop matches any URL containing snoop; keep filters as narrow as the deployment allows), the identity provider login page to redirect to on error, and the error page for assertion consumer failures. The following Jython command configures two partners for the testDomain security domain:
      AdminTask.configureInterceptor('-interceptor com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor '
          '-securityDomainName testDomain '
          '-customProperties ["sso_1.sp.acsUrl=https://company.com/was1/samlsps/sso1Sp",'
          '"sso_1.sp.filter=request-url%=snoop","sso_1.sp.login.error.page=https://company.com/idP1/login.aspx",'
          '"sso_1.sp.acsErrorPage=https://company.com/index.html","sso_2.sp.acsUrl=https://company.com/was1/samlsps/sso2Sp",'
          '"sso_2.sp.filter=request-url%=appA","sso_2.sp.login.error.page=https://company.com/idP2/login.aspx",'
          '"sso_2.sp.acsErrorPage=https://company.com/index.html"]')
  4. Save your configuration changes.
    Changes made through AdminTask are held in the wsadmin workspace until saved; use the following command to commit them to the configuration repository (use AdminConfig.reset() instead to discard them):
    AdminConfig.save()
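The steps above as one wsadmin Jython script, added here as an example (it is not code from the original page or from the product documentation). It runs steps 2 to 4 for one security domain, then checks that every interceptor class it registered is actually listed for the domain before saving; if one is missing, it discards the workspace instead of persisting a half-configured domain. The domain name, the custom interceptor class, all property values, and the use of AdminTask.getTrustAssociationInfo and AdminTask.listInterceptors as the verification commands are assumptions for illustration.

```jython
# Added example, not from the original page: steps 2 to 4 as one wsadmin script.
# Run from the client started in step 1:  wsadmin -lang jython -f configure_tai.py
#
# Assumptions (illustrative, not taken from the page): the domain name, the
# interceptor classes and property values, and the verification commands
# AdminTask.getTrustAssociationInfo / AdminTask.listInterceptors.

DOMAIN = 'testDomain'
CUSTOM_TAI = 'com.company.customInterceptor'
SAML_TAI = 'com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor'

# Custom properties as "key=value" strings; each interceptor defines its own keys.
# In a TAI filter, %= means "contains", so request-url%=appA selects every request
# whose URL contains appA. Keep each filter as narrow as the deployment allows.
CUSTOM_PROPS = ['p1=value1', 'p2=value2']
SAML_PROPS = [
    'sso_1.sp.acsUrl=https://company.com/was1/samlsps/sso1Sp',
    'sso_1.sp.filter=request-url%=snoop',
    'sso_1.sp.login.error.page=https://company.com/idP1/login.aspx',
    'sso_1.sp.acsErrorPage=https://company.com/index.html',
    'sso_2.sp.acsUrl=https://company.com/was1/samlsps/sso2Sp',
    'sso_2.sp.filter=request-url%=appA',
    'sso_2.sp.login.error.page=https://company.com/idP2/login.aspx',
    'sso_2.sp.acsErrorPage=https://company.com/index.html',
]

def props_arg(props):
    # Render a Python list as the ["k=v","k=v"] literal that wsadmin expects.
    return '[' + ','.join(['"' + p + '"' for p in props]) + ']'

def configure_interceptor(domain, interceptor, props):
    # configureInterceptor adds a new interceptor or replaces the properties of
    # an existing one, so this function is safe to re-run.
    AdminTask.configureInterceptor('-interceptor ' + interceptor
                                   + ' -securityDomainName ' + domain
                                   + ' -customProperties ' + props_arg(props))

def configure(domain):
    # Step 2: enable trust association for the domain.
    AdminTask.configureTrustAssociation('-securityDomainName ' + domain + ' -enable true')
    # Step 3: register the interceptors.
    configure_interceptor(domain, CUSTOM_TAI, CUSTOM_PROPS)
    configure_interceptor(domain, SAML_TAI, SAML_PROPS)

def verify(domain, expected):
    # Print the domain's trust association settings and interceptor list for the
    # operator, and return the expected classes that are not listed. A missing
    # interceptor means requests the proxy or IdP authenticated would not be
    # accepted on its say-so but would fall through to ordinary authentication.
    info = AdminTask.getTrustAssociationInfo('-securityDomainName ' + domain)
    listed = str(AdminTask.listInterceptors('-securityDomainName ' + domain))
    print 'Trust association for', domain, ':', info
    print 'Interceptors for', domain, ':', listed
    return [c for c in expected if listed.find(c) < 0]

configure(DOMAIN)
missing = verify(DOMAIN, [CUSTOM_TAI, SAML_TAI])
if missing:
    # Step 4 is skipped: drop the unsaved workspace rather than persist a
    # configuration that does not match what was intended.
    print 'Not saving; interceptors not registered:', missing
    AdminConfig.reset()
else:
    AdminConfig.save()
```

The script uses Jython 2.1 syntax (print statement, no f-strings) because that is what the wsadmin client ships. Re-running it is harmless: enabling trust association twice and re-registering an interceptor both leave the domain in the same state.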