Secure communication with the security token service using SSL
No security token service could be contacted.
Security token service: Package and transit output claims using REST tokens.
Represents information used to obtain an issued token from a security token service.
This is a security token service (STS), as defined in the OASIS WS-Trust specification.
Client authentication is provided by means of SOAP message security and is based on the token issued to the client by a security token service.
When obtaining an issued token from a security token service, the client application must be configured with the binding to use to communicate with the security token service.
For security token service modules: com.tivoli.am.fim.trustserver.sts.modules.*=all
Securing the communication with the Tivoli Federated Identity Manager security token service is recommended to protect the integrity and confidentiality of the message.
Although WebSphere Application Server could directly contact a security token service, Figure 6 shows how the sample scenario evolves after the STS component is introduced.
The sample configuration includes a client, a provider, and a configured security token service (STS), as shown in Figure 1.
And when you have trust in the picture then you have a 3-way test: client, STS, service - so you have more combinations to test.
This redundancy was induced because the PAC was embedded in service tickets and flowed as a single security entity from the client to the server.
The client's secured initial request containing the SAML security token is sent to the service.
Using LTPA tokens internally, Web services implementations gain a lightweight way to propagate security context in an IBM environment with great tools support.
This is used by a Web service for additional challenges to a requester, to ensure message freshness and to verify that the use of a security token is authorized.
Improved performance; because the LTPA token is the principal mechanism used by WebSphere Application Server in a secured environment, the overhead to use it in a Web services call is very small.
Third, the Web services provider, including the secured temperature converter service, expects an LTPA token.
WS-Trust also allows for directly transporting security tokens in SOAP message headers, rather than via the STS web service interface.
Define the security token for the "Print" Web service.
The custom token object behaves like other WebSphere security tokens, and the application server automatically transmits it.
Now that we have developed the Print web service, we can configure the deployment descriptor (webservices.xml) for the service to define the security tokens that can be accepted by the web service.
Security attribute propagation is a service provided by the application server to propagate various attributes, tokens, or objects related to the security context.
The provider could use digital signatures and secure service tokens (such as X.509 certificates) that they have issued to validate the requestor's entitlements.
The client domain gateway expects a request message with an LTPA token in a Web services security (WS-Security) header as generated by the configuration described in Part 4 of this series.
The only difference is that, after you perform the standard security configuration, you need to secure the Web service by specifying the use of the LTPA token.
We'll go through the following sample scenario to configure and secure an application using the LTPA token for the Web services call, and also for the Web application.
This means that all requests against the Web service interface must contain a security token, which represents a valid user authentication.
The security token issued by the tenant's federation server will be used by the SaaS provider for authorization.
To address this need, WS-Security was set up to provide the Consuming Application's X.509 certificate as a binary security token within web services requests.