This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Securing the Security Token Service

In most instances it is necessary to secure the Security Token Service. According the Trust Brokering model defined in the WS-Trust specification, the subject (user) should authenticate himself to the STS before obtaining a token. STS may use this authentication information when constructing the security token. For example, STS may populate the required claims based on the user name provided by the subject. You can apply a security policy for STS by clicking on the "Apply Security Policy" link.

Follow the instructions below to secure the Security Token Service.

  1. To sign in, enter your username and password to login to the Management Console.
  2. Access the Manage menu under Main.
  3. Select Security Token Service under Manage.
  4. Click on the Apply Security Policy link on the STS Configuration page.
  5. Select Yes from the dropdown to Enable Security and select a pre-configured security scenario according to your requirements.
  6. Click on the Next button.
  7. Specify the Trusted Key Stores and Private key Store.
  8. Click on the Finish button.
  9. Click OK in the WSO2 dialog window.