You can use the wsadmin tool, which supports the Jython
and Jacl scripting languages, to manage the trust service. Use this
topic to modify token provider configuration data, and to add custom
properties.
Before you begin
You must have an existing token provider configured in
the trust service.
About this task
Use the commands in the STSManagement group of the AdminTask
object to modify existing configuration data.
Use the updateSTSTokenTypeConfiguration command
to update existing properties for a specific token provider configuration.
If you specify the -distributedCache parameter, the security context
token provider generates a warning and modifies the WS-Security distributed
cache configuration. Do not specify a value for the -distributedCache
parameter for custom tokens.
This topic includes examples for
modifying existing non-custom configuration data.
Procedure
- Determine the token provider configuration to edit.
Enter the following command to view the list of names of
the configured token providers:
AdminTask.listSTSConfiguredTokenTypes()
- Review the current configuration data for the token provider
configuration to edit.
Enter the following command
to view a Properties object containing all non-custom configuration
data for the Security Context Token token provider:
AdminTask.querySTSTokenTypeConfigurationDefaultProperties('Security Context Token')
- Update the token provider configuration with new configuration
data.
Determine which parameters to update in your
configuration, using the following table as a reference:
Table 1. Command parameters. Run the updateSTSTokenTypeConfiguration command with parameters to update the token provider configuration.

| Parameter | Data type |
|---|---|
| LocalName: Specifies the unique token provider name as the target object of the command. | String, required |
| -HandlerFactory: Specifies the configuration class name, including package information. | String, required |
| -URI: Specifies the unique token type schema URI. | String, required |
| -lifetimeMinutes: Specifies the amount of time, in minutes, that the token is valid. | Integer, optional. Default: 120 (minutes). Minimum: 10 (minutes) |
| -renewalWindowMinutes: Specifies the amount of time after the token expires during which the token can be renewed. | Integer, optional. Default: 120 (minutes). Minimum: 10 (minutes) |
| -postdatable: Set to true to specify that tokens of the token provider are valid at a later time. Tokens can be created with or without a future start time. | Boolean, optional. Default: false |
| -distributedCache (deprecated): Set to true to enable distributed cache. If you specify the -distributedCache parameter, the security context token provider generates a warning and modifies the WS-Security distributed cache configuration. Do not specify a value for the -distributedCache parameter for custom tokens. | Boolean, optional. Default: false |
| -renewableAfterExpiration: Set to true to specify that tokens of the token provider are renewable after expiration. | Boolean, optional. Default: false |
| -tokenCacheFactory (deprecated): Specifies the fully qualified class name for the token provider. The secure conversation token handler class does not recognize this parameter. | String, optional. Default: com.ibm.ws.wssecurity.platform.websphere.trust.server.sts.ext.cache.STSTokenCacheFactoryImpl |

Use the updateSTSTokenTypeConfiguration command
to update the configuration data for the Security Context Token token
provider. The following example changes the time that the token is
valid from 60 minutes to 100 minutes, disables token renewal after
expiration, and enables distributed caching:
AdminTask.updateSTSTokenTypeConfiguration('Security Context Token', '[-lifetimeMinutes 100 -renewableAfterExpiration false -distributedCache true]')
The command returns a message indicating the success or failure
of the operation.
- Save your configuration changes.
Use the
following command to save your changes:
AdminConfig.save()
- Reload the modified configuration changes.
Use
the following command to force the trust service to reload your modified
configuration without restarting the application server:
AdminTask.refreshSTS()
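
The following added example (not part of the original topic and not IBM code) wraps the procedure above in a pre-flight check that enforces the Table 1 minimums, flags deprecated parameters, and rejects string values that could smuggle extra options into the bracketed argument string. The function names and the substring match on the list output are assumptions; under wsadmin, pass the AdminTask and AdminConfig objects as the first two arguments.

```python
# Added example (not IBM's code). Plain Python; assumed to also run under a Jython 2.7 wsadmin.
# Limits and deprecation flags are taken from Table 1 on this page.
MINIMUM_MINUTES = {'lifetimeMinutes': 10, 'renewalWindowMinutes': 10}
BOOLEAN_PARAMS = ('postdatable', 'renewableAfterExpiration', 'distributedCache')
DEPRECATED_PARAMS = ('distributedCache', 'tokenCacheFactory')
STRING_PARAMS = ('HandlerFactory', 'URI', 'tokenCacheFactory')


def build_update_args(changes):
    """Validate changes against Table 1; return (wsadmin arg string, warnings)."""
    parts, warnings = [], []
    for name in sorted(changes):
        value = changes[name]
        if name in MINIMUM_MINUTES:
            if isinstance(value, bool) or not isinstance(value, int):
                raise ValueError('-%s must be an integer' % name)
            if value < MINIMUM_MINUTES[name]:
                raise ValueError('-%s is below the minimum of %d minutes'
                                 % (name, MINIMUM_MINUTES[name]))
            text = str(value)
        elif name in BOOLEAN_PARAMS:
            if not isinstance(value, bool):
                raise ValueError('-%s must be true or false' % name)
            text = value and 'true' or 'false'
        elif name in STRING_PARAMS:
            text = str(value)
            # Whitespace or brackets would let a value inject further options.
            if not text or [c for c in text if c in ' \t\r\n[]']:
                raise ValueError('-%s has an empty or unsafe value' % name)
        else:
            raise ValueError('unknown parameter -%s' % name)
        if name in DEPRECATED_PARAMS:
            warnings.append('-%s is deprecated' % name)
        parts.append('-%s %s' % (name, text))
    return '[' + ' '.join(parts) + ']', warnings


def update_token_provider(admin_task, admin_config, local_name, changes):
    """Run the page's procedure: check the name, update, save, refresh."""
    args, warnings = build_update_args(changes)
    # Assumption: the provider name appears verbatim in the list output.
    if local_name not in str(admin_task.listSTSConfiguredTokenTypes()):
        raise ValueError('token provider not configured: %s' % local_name)
    result = admin_task.updateSTSTokenTypeConfiguration(local_name, args)
    admin_config.save()
    admin_task.refreshSTS()
    return result, warnings
```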