Most of the time, In most instances it is necessary to secure the Security Token Service. According the Trust Brokering model defined in the WS-Trust specification, the subject (user) should authenticate himself to the STS before obtaining a token. STS may use this authentication information when constructing the security token. For example, STS may populate the required claims based on the user name provided by the subject. You can apply a security policy for STS by clicking on the "Apply Security Policy" link.
Follow the instructions below to secure the Security Token Service.1. Sign in. Enter your user name
- To sign in, enter your username and password to
...
- login to the Management Console.
...
- Access the Manage menu under Main.
...
- Select Security Token Service
...
- under Manage.
...
...
- Click on the
...
- Apply Security Policy
...
- link on the
...
- STS Configuration
...
- page.
...
- Select Yes from the dropdown to Enable Security and select a pre-configured security scenario according to your requirements.
...
- Click on the
...
- Next
...
- button.
...
- Specify the
...
- Trusted Key Stores
...
- and Private key Store.
...
...
- Click on the
...
- Finish
...
- button.
...
- Click
...
- OK
...
- in the WSO2 dialog window.
| Excerpt | ||
|---|---|---|
| ||
Instructions on how to secure the Security Token Service. |