WSO2 Identity Server's security token service (STS) is used as the WS-Trust implementation. The STS is capable of issuing SAML 1.1 and 2.0 security tokens and has a SOAP/XML API for token issuance. This API can be secured with the UserNameToken
or with any other WS-Security mechanism.
Configuring STS
STS is configured under the Resident Identity Provider section of the Identity Server Management Console. Use the following step to do the configurations.
- Configure the Resident Identity Provider. See here for more detailed information on how to do this.
- In the Resident Identity Provider page, expand the Inbound Authentication Configuration section along with the WS-Trust/WS-Federation(Passive) Configuration section.
- Click Apply Security Policy.
- Select Yes in the Enable Security? dropdown and select UsernameToken under the Basic Scenarios section.
- Click Next.
- In the resulting page, select the admin checkbox and click Finish.
- Click Ok on the confirmation dialog window that appears and click Update to complete the process.
Now STS is configured and secured with a username and password. Only users with the Admin role can consume the service.
The next step is to add a service provider to consume the STS.
Adding a service provider for the STS client
- See here for details on adding a service provider.
- Expand the Inbound Authentication Configuration section and the WS-Trust Security Token Service Configuration section. Click Configure.
- In the resulting screen, enter the Endpoint Address. This must be used as the service URL and the token is delivered by the STS client.
- Click Update to save the changes made to the service provider.
Now the service provider is configured successfully. Next you need to run the STS client. To try out a sample STS Client, follow the steps found here.