This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

WSO2 Identity Server's security token service (STS) is used as the WS-Trust implementation. The STS is capable of issuing SAML 1.1 and 2.0 security tokens and has a SOAP/XML API for token issuance. This API can be secured with the UsernameToken or with any other WS-Security mechanism.

Configuring STS

STS is configured under the Resident Identity Provider section of the Identity Server Management Console. Follow these steps to configure it.

  1. Configure the Resident Identity Provider. See here for more detailed information on how to do this.
  2. In the Resident Identity Provider page, expand the Inbound Authentication Configuration section along with the WS-Trust/WS-Federation(Passive) Configuration section.
  3. Click Apply Security Policy.
  4. Select Yes in the Enable Security? dropdown and select UsernameToken under the Basic Scenarios section.
  5. Click Next.
  6. In the resulting page, select the admin checkbox and click Finish.
  7. Click Ok on the confirmation dialog window that appears and click Update to complete the process.

Now STS is configured and secured with a username and password. Only users with the Admin role can consume the service.

The next step is to add a service provider to consume the STS.

Adding a service provider for the STS client

  1. See here for details on adding a service provider. 
  2. Expand the Inbound Authentication Configuration section and the WS-Trust Security Token Service Configuration section. Click Configure.
  3. In the resulting screen, enter the Endpoint Address. This address must be used as the service URL, and the token is delivered by the STS client.
  4. Click Update to save the changes made to the service provider.
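
The request that a client sends to an STS secured this way is a WS-Trust RequestSecurityToken message carrying a WS-Security UsernameToken, with the service provider's Endpoint Address in AppliesTo. The sketch below is an added example, not WSO2's sample client or code from this page; it assumes SOAP 1.2, WS-Trust 1.3, a bearer SAML 2.0 token and a security timestamp, and the function names, URLs and credentials are constructed placeholders.

```python
import datetime as dt
import xml.etree.ElementTree as ET

# Standard OASIS/W3C namespaces; which SOAP and WS-Trust versions a given STS accepts is an assumption.
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
}
PASSWORD_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
SAML2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

def el(parent, qname, text=None, **attrs):
    """Append a namespaced child such as 'wsse:Username' and return it."""
    prefix, local = qname.split(":")
    node = ET.SubElement(parent, f"{{{NS[prefix]}}}{local}", attrs)
    node.text = text
    return node

def build_rst(sts_url, username, password, applies_to, ttl_seconds=300):
    # PasswordText puts the password in the message in clear text, so refuse non-TLS endpoints.
    if not sts_url.lower().startswith("https://"):
        raise ValueError("UsernameToken with PasswordText must only be sent over TLS")
    now = dt.datetime.now(dt.timezone.utc).replace(microsecond=0)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    env = ET.Element(f"{{{NS['s']}}}Envelope")
    header = el(env, "s:Header")
    el(header, "wsa:Action", NS["wst"] + "/RST/Issue")
    sec = el(header, "wsse:Security")
    ts = el(sec, "wsu:Timestamp")  # short validity window limits replay of a captured message
    el(ts, "wsu:Created", now.strftime(fmt))
    el(ts, "wsu:Expires", (now + dt.timedelta(seconds=ttl_seconds)).strftime(fmt))
    ut = el(sec, "wsse:UsernameToken")
    el(ut, "wsse:Username", username)
    el(ut, "wsse:Password", password, Type=PASSWORD_TEXT)
    rst = el(el(env, "s:Body"), "wst:RequestSecurityToken")
    el(rst, "wst:RequestType", NS["wst"] + "/Issue")
    el(rst, "wst:TokenType", SAML2)
    el(rst, "wst:KeyType", NS["wst"] + "/Bearer")
    epr = el(el(rst, "wsp:AppliesTo"), "wsa:EndpointReference")
    el(epr, "wsa:Address", applies_to)  # the Endpoint Address registered on the service provider
    return ET.tostring(env, encoding="unicode")

if __name__ == "__main__":  # constructed placeholder values, nothing is sent
    print(build_rst("https://sts.example.test/sts", "admin", "constructed-password", "https://rp.example.test/service"))
```

Because the password travels as PasswordText, the only confidentiality it has is the TLS channel to the STS, which is why the builder rejects a plain `http://` URL.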

Related Topics

  • After configuring the service provider, you need to run the STS client. See Running an STS Client to try out a sample STS client.