Creating a security profile for WS-Trust V1.3 (TFIM V6.2)
You can create a security profile for a WS-Trust V1.3 compliant Security Token Service (STS), for example, Tivoli® Federated Identity Manager (TFIM) V6.2, for any combination of the following security operations: authentication, authorization, and mapping.
About this task
Creating a profile by using mqsicreateconfigurableservice
About this task
http://stsserver.mycompany.com:9080/TrustServerWST13/services/RequestSecurityToken
Procedure
mqsicreateconfigurableservice integrationNodeName -c SecurityProfiles
-o profilename -n mapping,mappingConfig
-v "WS-Trust v1.3 STS",http://stsserver.mycompany.com:9080/TrustServerWST13/services/RequestSecurityToken
To specify that you want the security manager to reject a user name during authentication if the user name has an empty password token, set rejectBlankpassword to TRUE. The default is FALSE, which means that a user name is authenticated against the WS-Trust server even if it has an empty password token.
https://, an SSL secured connection is used for requests to the WS-Trust v1.3 server. For example, to create a security profile that uses an HTTPS connection to WS-Trust v1.3 for mapping, enter the following command:
mqsicreateconfigurableservice integrationNodeName -c SecurityProfiles
-o profilename -n mapping,mappingConfig
-v "WS-Trust v1.3 STS",https://stsserver.mycompany.com:9080/TrustServerWST13/services/RequestSecurityToken
https://, you can configure the following advanced parameters, by setting integration node environment variables:
If WS-Trust v1.3 STS is selected for more than one operation (for example, for authentication and mapping), the WS-Trust v1.3 server URL must be identical for all the operations, and is therefore specified only once.
mqsicreateconfigurableservice MYBROKER -c SecurityProfiles -o MyWSTrustProfile
-n authentication,mapping,authorization,propagation,mappingConfig
-v "WS-Trust v1.3 STS","WS-Trust v1.3 STS","WS-Trust v1.3 STS",TRUE,http://stsserver.mycompany.com:9080/TrustServerWST13/services/RequestSecurityToken
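The following pre-flight check is an added example, not part of the original page or of IBM's tooling. It lints the -n and -v lists of a SecurityProfiles command for the points described above: paired names and values, an https:// STS URL, and rejectBlankpassword set to TRUE when authentication uses the STS. The helper name lint_profile and the finding labels are hypothetical, and it assumes rejectBlankpassword is passed as a property in the -n list.

```shell
#!/bin/sh
# lint_profile NAMES VALUES: print findings for the -n and -v lists of a
# SecurityProfiles command; prints an empty line when no finding applies.
# Hypothetical helper written for this example, not an IBM tool.
lint_profile() (
    names=$1 values=$2 findings="" sts_auth=no reject=FALSE

    # Each property in -n needs exactly one value in -v, in the same order.
    IFS=','; set -f
    set -- $names;  n_count=$#
    set -- $values; v_count=$#
    if [ "$n_count" -ne "$v_count" ]; then
        echo "count-mismatch"; exit 0
    fi

    while [ -n "$names" ]; do
        name=${names%%,*}; value=${values%%,*}
        case $name in
            authentication)
                if [ "$value" = "WS-Trust v1.3 STS" ]; then sts_auth=yes; fi ;;
            rejectBlankpassword)   # assumed to be supplied via -n
                reject=$value ;;
            mappingConfig)
                # STS URL: without https:// the requests are not SSL secured.
                case $value in
                    https://*) ;;
                    *) findings="$findings cleartext-sts-url" ;;
                esac ;;
        esac
        # Drop the field just examined from both lists.
        case $names in *,*) names=${names#*,} ;; *) names="" ;; esac
        case $values in *,*) values=${values#*,} ;; *) values="" ;; esac
    done

    # Default FALSE: an empty password token is still sent to the STS.
    if [ "$sts_auth" = yes ] && [ "$reject" != TRUE ]; then
        findings="$findings blank-password-allowed"
    fi
    echo "${findings# }"
)

# The -n and -v lists of the MyWSTrustProfile command shown above.
lint_profile "authentication,mapping,authorization,propagation,mappingConfig" \
    "WS-Trust v1.3 STS,WS-Trust v1.3 STS,WS-Trust v1.3 STS,TRUE,http://stsserver.mycompany.com:9080/TrustServerWST13/services/RequestSecurityToken"
```
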