Setting up a Security Token Service

Setting up a Security Token Service

Security Token Service can be set up as per WS-Trust specification using Rampart. The default security token service shipped with the rampart distribution is contained in the rampart-trust.mar module. It can issue SCT tokens and SAML tokens. Sample05 contains a client that connects to the default STS and obtain a SAML token. The services.xml in the sample contains "saml-issuer-config" parameter that is used to configure the default SAML issuer.

STS with a custom issuer

First the default rampart.mar has to be removed from the modules. Then write you own issuer implementing the "org.apache.rahas.TokenIssuer" interface. Let's say that your issuer is "org.custom.MyIssuer". Then create a Axis2 service archive with the following in the services.xml. Drop the archive into the repository and you have a STS with a CustomToken issuer.

<module ref="rampart" />

<operation name="IssueToken"

    <!-- Action mapping to accept RST requests -->

    <parameter name="token-dispatcher-configuration">
        <!-- Issuers. You may have many issuers. -->
        <issuer class="org.custom.MyIssuer" default="true">