Secure communication with the security token service using SSL
Security Token Service: Package and transit output claims using REST tokens.
Represents information used to obtain an issued token from a security token service.
This is a security token service (STS), as defined in the OASIS WS-Trust specification.
Client authentication is provided by means of SOAP message security and is based on the token issued to the client by a security token service.
When obtaining an issued token from a Security Token Service, the client application must be configured with the binding to use to communicate with the Security Token Service.
For security token service modules: com.tivoli.am.fim.trustserver.sts.modules.*=all
Securing the communication with the Tivoli Federated Identity Manager security token service is recommended to protect the integrity and confidentiality of the message.
Although WebSphere Application Server could directly contact a Security Token Service, Figure 6 shows how the sample scenario evolves after the introduction of the STS component.
The sample configuration includes a client, a provider, and a configured security token service (STS), as shown in Figure 1.
And when you have trust in the picture then you have a 3-way test: client, STS, service - so you have more combinations to test.
Asynchronous completion token supported thread pooling by allowing services to release threads back into the pool while awaiting asynchronous responses.
The target server deserializes the tokens and attaches them to the subject or the thread, depending on the type of the token.
Standardizing user identity formats within the enterprise with the token transformation service.
This service validates a token, which is a digitally signed XML document.
Upon successful validation, the service provider issues the access token to access the protected resources.
They do not, however, want to tie themselves to the implementation of the outsourced service by requiring the service provider to understand LTPA tokens.
This redundancy was induced because the PAC was embedded in service tickets and flowed as a single security entity from the client to the server.
The target server receives the request, retrieves the GSS token, extracts the server identity, authenticates it, and compares it to the list of trusted servers' identities.
The target server receives the request and passes the deserialized token to the application server for decryption.
This callback, apart from retrieving the authentication service ticket from the user's credential cache, also interacts with PLAM in the client's runtime to fetch the PAC identifier.
The client is configured to trust the service keys or tokens and the service is configured to trust the client keys or tokens.
In the following steps, you will configure the Username token and enable the service to authenticate the client.
Using LTPA tokens internally, Web services implementations gain a lightweight way to propagate security context in an IBM environment with great tools support.
It can be difficult to debug service handshakes when the solution is secured end to end, such as with token profiles.
Finally, when the caller needs to check out the attachment, it invokes the Claim check service with the token and the attachment is returned to the caller.
Define a security token for the "Print" Web service.
Token Generator (TG) - generates tokens allowing the service provider to retrieve documents.
In this second example, the system requires a client to first get an authenticated token and present that token to the subsequent service.
The target server receives the request, retrieves the GSS token, extracts the server identity and compares it to the list of trusted server identities.