This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Securing the Security Token Service
Most of the time, it is necessary to secure the Security Token Service. According the Trust Brokering model defined in the WS-Trust specification, the subject (user) should authenticate himself to the STS before obtaining a token. STS may use this authentication information when constructing the security token. For example, STS may populate the required claims based on the user name provided by the subject. You can apply a security policy for STS by clicking on the "Apply Security Policy" link.
Follow the instructions below to secure the Security Token Service.
1. Sign in. Enter your user name and password to log on to the Management Console as described here for Windows users and here for Linux users.
2. Click the "Main" button to access the "Manage" menu.
3. From the "Main" menu, select "Security Token Service" under "Manage."
4. Click on the "Apply Security Policy" link on the "STS Configuration" page.
5. Enable "Security" and select a pre-configured security scenario according to your requirements.
6. Click on the "Next" button.
7. Specify the "Trusted Key Stores" and "Private key Store."
8. Click on the "Finish" button.
9. Click "OK" in the WSO2 dialog window.