...

Securing the Security Token Service

According to the trust-brokering model defined in the WS-Trust specification, a user must authenticate to the STS before obtaining a token. The STS may use that authentication information when constructing the security token; for example, it may populate the required claims based on the user name presented by the subject. An unsecured STS endpoint would accept token requests from anyone, so the STS service itself must be secured.

...

  1. Log in as an admin to access the management console.
  2. Configure the Resident Identity Provider. See here for more detailed information on how to do this.
  3. In the Resident Identity Provider page, expand the Inbound Authentication Configuration section and then the Security Token Service Configuration section inside it.
  4. Click Apply Security Policy.
  5. Select Yes in the Enable Security? dropdown and select a pre-configured security scenario according to your requirements. In this case, we will use UsernameToken under the Basic Scenarios section. 

    Note

    Use the view scenario option beside each scenario to see the details of the policy it enforces.

  6. Click Next.

    Info

    The remaining steps depend on the security scenario chosen in step 5. The steps below apply to the UsernameToken scenario.

  7. Select ALL-USER-STORE-DOMAINS from the drop-down.
  8. On the resulting page, select the role that should be granted permission to access the secured service. In this example, the admin role is used. Then click Finish.

    Note

    The Select Domain drop-down lists the configured user store domains; the User Groups shown depend on the domain selected.


  9. Click Ok on the confirmation dialog window that appears.
  10. Click Update to complete the process.
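Once the UsernameToken scenario is applied, the STS no longer answers a bare RequestSecurityToken: each request must carry a WS-Security UsernameToken header, and the STS checks it before it issues anything. The following is an added example (not code from this page or from WSO2) showing, on the client side, the WS-Trust Issue request with that header in the digest form defined by the WS-Security UsernameToken Profile 1.0, and, on the server side, the checks an STS performs on it (digest, Created freshness, nonce replay). Assumed rather than taken from the page: the STS endpoint URL, the `admin`/`admin` credentials, the constructed user store standing in for ALL-USER-STORE-DOMAINS, and that the policy accepts PasswordDigest. In the product those checks are done by the security policy you applied, not by code you write; the example makes visible what the policy demands of callers. Because the UsernameToken scenario by itself does not encrypt the message, send it only over HTTPS.

```python
"""Client request and server-side check for an STS secured with the UsernameToken scenario.

Added example, not code from the WSO2 documentation or product. Assumptions not
stated on the page: the STS URL, the test user, and that PasswordDigest is accepted.
"""
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PW_DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
STS_URL = "https://localhost:9443/services/wso2carbon-sts"  # assumed; check your deployment
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """UsernameToken Profile 1.0: Password_Digest = Base64(SHA-1(nonce + created + password))."""
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(digest).decode("ascii")


def created_at(created: str) -> datetime:
    """Parse the wsu:Created timestamp (UTC, second resolution in this example)."""
    return datetime.strptime(created, TS_FMT).replace(tzinfo=timezone.utc)


def request_security_token(username, password, applies_to, nonce=None, created=None) -> str:
    """Build the WS-Trust Issue request a client POSTs to STS_URL, with the wsse header."""
    nonce = nonce if nonce is not None else os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime(TS_FMT)
    return f"""<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" soapenv:mustUnderstand="true">
      <wsse:UsernameToken wsu:Id="UsernameToken-1">
        <wsse:Username>{escape(username)}</wsse:Username>
        <wsse:Password Type="{PW_DIGEST}">{password_digest(nonce, created, password)}</wsse:Password>
        <wsse:Nonce EncodingType="{B64}">{base64.b64encode(nonce).decode("ascii")}</wsse:Nonce>
        <wsu:Created>{created}</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <wst:RequestSecurityToken xmlns:wst="{WST}">
      <wst:RequestType>{WST}/Issue</wst:RequestType>
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
          <wsa:Address>{escape(applies_to)}</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
    </wst:RequestSecurityToken>
  </soapenv:Body>
</soapenv:Envelope>"""


def verify_username_token(envelope, user_store, seen_nonces, now, max_skew=timedelta(minutes=5)) -> bool:
    """The checks an STS applies before issuing: digest, Created freshness, nonce replay."""
    tok = ET.fromstring(envelope).find(f".//{{{WSSE}}}UsernameToken")
    if tok is None:
        return False
    username = tok.findtext(f"{{{WSSE}}}Username")
    pw = tok.find(f"{{{WSSE}}}Password")
    nonce_b64 = tok.findtext(f"{{{WSSE}}}Nonce")
    created = tok.findtext(f"{{{WSU}}}Created")
    if username is None or pw is None or nonce_b64 is None or created is None:
        return False
    if pw.get("Type") != PW_DIGEST:
        return False  # this policy does not accept PasswordText
    if abs(now - created_at(created)) > max_skew:
        return False  # stale or future-dated token
    if nonce_b64 in seen_nonces:
        return False  # replayed token
    password = user_store.get(username)
    # Compute the digest even for unknown users so timing does not reveal which names exist.
    expected = password_digest(base64.b64decode(nonce_b64), created, password or "")
    if password is None or not hmac.compare_digest(expected.encode(), (pw.text or "").encode()):
        return False
    seen_nonces.add(nonce_b64)
    return True


if __name__ == "__main__":
    users = {"admin": "admin"}  # constructed user store standing in for ALL-USER-STORE-DOMAINS
    seen = set()
    rst = request_security_token("admin", "admin", "https://localhost:9443/services/echo")
    print(verify_username_token(rst, users, seen, datetime.now(timezone.utc)))  # True
    print(verify_username_token(rst, users, seen, datetime.now(timezone.utc)))  # False: replay
```

The nonce cache is what turns a captured request into a one-shot credential; without it, and without the Created window, a UsernameToken digest can be replayed until the password changes. The role selected in step 8 is an authorization decision made after this authentication step; the example only covers authentication.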

...