9.4 Configuring WS-Trust STS

Before a Web service can invoke operations on STS, you must enable WS-Trust and configure it in Access Manager. This section describes how to enable WS-Trust, how to configure the STS, and where to find the STS endpoint details that Web service clients and providers must be configured with.

9.4.1 Enabling WS-Trust

Access Manager ships with only SAML 1.1, Liberty, and SAML 2.0 enabled by default. To use the WS-Trust protocol, you must enable it on the Identity Server.

To enable WS-Trust, perform the following steps:

  1. In the Administration Console, click Devices > Identity Servers > Edit.

  2. In the Enabled Protocols section, select WS-Trust.

  3. Click OK.

  4. Update the Identity Server.

9.4.2 Configuring Access Manager for WS-Trust STS

To configure WS-Trust STS, perform the following steps:

  1. In the Administration Console, click Devices > Identity Servers > Edit.

  2. Select WS-Trust > STS Configuration.

  3. Specify the following details:

    Token Lifetime: Specify the duration in seconds for which an issued token is valid. The default value is 360 seconds. An issued token is accepted by the Web service provider until it expires, so the lifetime bounds how long a captured token remains usable; keep it as short as the consuming Web services tolerate, allowing for clock skew between the STS and the provider.

    Token Issuer: Specify the issuer name that STS places in the tokens it issues. A Web service provider that validates the token compares this value with the issuer it trusts, so configure the same value on both sides.

    Authentication Methods: Select the methods that can be used to authenticate to STS for WS-Trust. Select and move methods from Available Authentication Methods to Selected Authentication Methods.

    Tokens: Select the types of token that STS can issue for WS-Trust. SAML 1.1 and SAML 2.0 tokens are supported. If you select both, STS returns the token type configured for the requesting service provider.

  4. Click Apply.

9.4.3 Viewing STS Service Details

The EndPoint URL is the SOAP endpoint of STS. The Web service client and the Web service provider must be configured to use these endpoints.

In the Administration Console under Devices > Identity Servers > Edit > WS-Trust > EndPoint Summary, you can view the following STS EndPoint details:

Service Name: The name of the STS service endpoint. Configure the same name in the Web service client.

Port Name: The WSDL port name that STS implements. Configure the same name in the Web service client.

MEX EndPoint URI: The MetadataExchange endpoint of STS.

WSDL of STS Username authentication: WSDL location for username authentication. This file is used by applications that use the token service with username authentication.

WSDL of STS SAML authentication: WSDL location for SAML. This file is used by applications that use the token service with SAML authentication.
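The following is an added example, not NetIQ code or anything taken from the product, showing what the settings in 9.4.2 and the endpoint in 9.4.3 look like on the wire from the Web service client's side. It builds a WS-Trust 1.3 RequestSecurityToken (Issue) that authenticates to the STS EndPoint URL with a WS-Security UsernameToken, and it validates a RequestSecurityTokenResponse against the configured Token Lifetime, Token Issuer and allowed token types before the client hands the assertion to the Web service provider. The endpoint URL, issuer name, credentials and the sample response are constructed for illustration; the signature on the issued assertion is not verified here and must be verified before the token is trusted.

```python
"""Build a WS-Trust 1.3 Issue request and validate the STS response (RSTR)
against the Token Lifetime, Token Issuer and Tokens settings of 9.4.2.
Added example; endpoint, issuer, credentials and sample RSTR are constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "saml1": "urn:oasis:names:tc:SAML:1.0:assertion",
}
SAML11 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
SAML20 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
ISSUE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
RST_ISSUE_ACTION = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
PASSWORD_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"

# Hypothetical values mirroring the STS Configuration and EndPoint Summary pages.
STS_ENDPOINT = "https://idp.example.com/nidp/wstrust/sts"  # EndPoint URL (assumed)
TOKEN_ISSUER = "sts.example.com"                            # Token Issuer (assumed)
TOKEN_LIFETIME = 360                                        # Token Lifetime in seconds
CLOCK_SKEW = 30                                             # tolerated STS/client drift


def build_issue_request(username, password, applies_to, token_type=SAML20, endpoint=STS_ENDPOINT):
    """RST (Issue) with a UsernameToken. PasswordText is only acceptable over TLS."""
    u, p, a, e = (escape(x) for x in (username, password, applies_to, endpoint))
    return f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:wsa="{NS['wsa']}" xmlns:wsse="{NS['wsse']}"
  xmlns:wsu="{NS['wsu']}" xmlns:wst="{NS['wst']}" xmlns:wsp="{NS['wsp']}">
  <s:Header>
    <wsa:Action>{RST_ISSUE_ACTION}</wsa:Action>
    <wsa:To>{e}</wsa:To>
    <wsse:Security s:mustUnderstand="true">
      <wsse:UsernameToken>
        <wsse:Username>{u}</wsse:Username>
        <wsse:Password Type="{PASSWORD_TEXT}">{p}</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </s:Header>
  <s:Body>
    <wst:RequestSecurityToken>
      <wst:RequestType>{ISSUE}</wst:RequestType>
      <wst:TokenType>{token_type}</wst:TokenType>
      <wsp:AppliesTo><wsa:EndpointReference><wsa:Address>{a}</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>
    </wst:RequestSecurityToken>
  </s:Body>
</s:Envelope>"""


def request_summary(rst_xml):
    """Pull the fields a Web service provider would see out of a built RST."""
    root = ET.fromstring(rst_xml)
    return {
        "action": root.findtext("s:Header/wsa:Action", namespaces=NS),
        "username": root.findtext(".//wsse:Username", namespaces=NS),
        "token_type": root.findtext(".//wst:TokenType", namespaces=NS),
        "applies_to": root.findtext(".//wsp:AppliesTo/wsa:EndpointReference/wsa:Address", namespaces=NS),
    }


def parse_utc(stamp):
    """Parse an xsd:dateTime in UTC ('Z' suffix), ignoring fractional seconds."""
    if not stamp or not stamp.endswith("Z"):
        raise ValueError(f"expected UTC timestamp, got {stamp!r}")
    return datetime.strptime(stamp[:-1].split(".")[0], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def validate_rstr(rstr_xml, now, expected_issuer=TOKEN_ISSUER, allowed_types=(SAML20, SAML11),
                  max_lifetime=TOKEN_LIFETIME, skew=CLOCK_SKEW):
    """Check token type, lifetime window and issuer of an RSTR; raise ValueError on mismatch.
    Use defusedxml for responses from untrusted sources; this sample input is constructed."""
    root = ET.fromstring(rstr_xml)
    rstr = root.find(".//wst:RequestSecurityTokenResponse", NS)
    if rstr is None:
        raise ValueError("no RequestSecurityTokenResponse in message")
    token_type = rstr.findtext("wst:TokenType", namespaces=NS)
    if token_type not in allowed_types:
        raise ValueError(f"token type not allowed: {token_type}")
    created = parse_utc(rstr.findtext("wst:Lifetime/wsu:Created", namespaces=NS))
    expires = parse_utc(rstr.findtext("wst:Lifetime/wsu:Expires", namespaces=NS))
    tol = timedelta(seconds=skew)
    if expires - created > timedelta(seconds=max_lifetime) + tol:
        raise ValueError("lifetime exceeds the configured Token Lifetime")
    if not (created - tol <= now < expires + tol):
        raise ValueError("token is not valid at the current time")
    if token_type == SAML20:   # SAML 2.0 carries the issuer as a child element
        assertion = rstr.find("wst:RequestedSecurityToken/saml2:Assertion", NS)
        issuer = None if assertion is None else assertion.findtext("saml2:Issuer", namespaces=NS)
    else:                      # SAML 1.1 carries it as an attribute
        assertion = rstr.find("wst:RequestedSecurityToken/saml1:Assertion", NS)
        issuer = None if assertion is None else assertion.get("Issuer")
    if issuer != expected_issuer:
        raise ValueError(f"unexpected issuer: {issuer!r}")
    return {"token_type": token_type, "issuer": issuer, "created": created, "expires": expires,
            "assertion_id": assertion.get("ID") or assertion.get("AssertionID")}


def rstr_is_acceptable(rstr_xml, now_stamp):
    """Boolean wrapper around validate_rstr for a UTC timestamp string."""
    try:
        validate_rstr(rstr_xml, parse_utc(now_stamp))
        return True
    except ValueError:
        return False


# Constructed RSTR, shaped as an STS with Token Lifetime 360 s would answer.
SAMPLE_RSTR = f"""<s:Envelope xmlns:s="{NS['s']}"><s:Body>
<wst:RequestSecurityTokenResponseCollection xmlns:wst="{NS['wst']}" xmlns:wsu="{NS['wsu']}">
 <wst:RequestSecurityTokenResponse>
  <wst:TokenType>{SAML20}</wst:TokenType>
  <wst:Lifetime><wsu:Created>2024-05-01T10:00:00Z</wsu:Created><wsu:Expires>2024-05-01T10:06:00Z</wsu:Expires></wst:Lifetime>
  <wst:RequestedSecurityToken>
   <saml2:Assertion xmlns:saml2="{NS['saml2']}" ID="_a1b2c3" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml2:Issuer>{TOKEN_ISSUER}</saml2:Issuer>
    <saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>
   </saml2:Assertion>
  </wst:RequestedSecurityToken>
 </wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</s:Body></s:Envelope>"""

if __name__ == "__main__":
    print(request_summary(build_issue_request("alice", "s3cret", "https://ws.example.com/orders")))
    print(validate_rstr(SAMPLE_RSTR, parse_utc("2024-05-01T10:02:00Z")))
```

The lifetime check rejects a response whose Expires is further from Created than the configured Token Lifetime plus tolerated skew, which catches an STS misconfigured with a longer lifetime as well as a tampered response; the issuer check enforces the Token Issuer value on the consuming side rather than trusting whatever the response carries.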