Security containers
Security containers are used on the DFHWSTC-V1 channel to send and receive identity tokens from a Security Token Service (STS) such as Tivoli® Federated Identity Manager. This interface is called the Trust client interface and can be used in web service requester and provider pipelines.
DFHWS-IDTOKEN container
DFHWS-IDTOKEN is a container of DATATYPE(CHAR). It contains the token that the Security Token Service (STS) either validates or uses to issue an identity token for the message. Use this container only with channel DFHWSTC-V1 for the Trust client interface.
The token must be in XML format.
DFHWS-RESTOKEN container
- If the action is issue, this container holds the token that the STS has exchanged for the one that was sent in the DFHWS-IDTOKEN container.
- If the action is validate, this container holds a URI to indicate whether the security token that was sent in the DFHWS-IDTOKEN container is valid or not valid. The URIs that can be returned are as follows:

| URI | Description |
|---|---|
| http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid | The security token is valid. |
| http://schemas.xmlsoap.org/ws/2005/02/trust/status/invalid | The security token is not valid. |
This container is returned on the channel DFHWSTC-V1 when using the Trust client interface.
DFHWS-SERVICEURI container
DFHWS-SERVICEURI is a container of DATATYPE(CHAR). It contains the URI that the Security Token Service (STS) uses as the AppliesTo scope. The AppliesTo scope is used to determine the web service with which the security token is associated. Use this container only with channel DFHWSTC-V1 for the Trust client interface.
DFHWS-STSACTION container
DFHWS-STSACTION is a container of DATATYPE(CHAR). It contains the URI of the action that the Security Token Service (STS) takes to either validate or issue a security token. The URI values that you can specify in this container are as follows:
| URI | Description |
|---|---|
| http://schemas.xmlsoap.org/ws/2005/02/trust/Issue | The STS issues a token in exchange for the one that is sent in the DFHWS-IDTOKEN container. |
| http://schemas.xmlsoap.org/ws/2005/02/trust/Validate | The STS validates the token that is sent in the DFHWS-IDTOKEN container. |
Use this container only with channel DFHWSTC-V1 for the Trust client interface.
DFHWS-STSFAULT container
DFHWS-STSFAULT is a container of DATATYPE(CHAR). It contains the error that was returned by the Security Token Service (STS). If an error occurs, the STS issues a SOAP fault. The contents of the SOAP fault are returned in this container.
This container is returned on the channel DFHWSTC-V1 when using the Trust client interface.
DFHWS-STSREASON container
DFHWS-STSREASON is a container of DATATYPE(CHAR). It contains the contents of the <wst:Reason> element, if this element is present in the response message from the Security Token Service (STS).
The <wst:Reason> element contains an optional string that provides information relating to the status of the validation request that was sent to the STS by CICS®. If the security token is not valid, the information provided by the STS in this element can help you to determine why the token is not valid. For more information, see the Web Services Trust Language specification.
DFHWS-STSURI container
DFHWS-STSURI is a container of DATATYPE(CHAR). It contains the absolute URI of the Security Token Service (STS) that is used to validate or issue an identity token for the SOAP message.
The format of the URI is http://www.example.com:8080/TrustServer/SecurityTokenService. You can use HTTP or HTTPS, depending on your security requirements.
Use this container only with channel DFHWSTC-V1 for the Trust client interface.
DFHWS-TOKENTYPE container
DFHWS-TOKENTYPE is a container of DATATYPE(CHAR). It contains the URI of the requested token type that the Security Token Service (STS) issues as an identity token for the SOAP message. You can specify any valid token type, but it must be supported by the STS.
Use this container only with channel DFHWSTC-V1 for the Trust client interface.
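The container contract described above, modelled as an added Python example (not IBM or CICS code): a pre-flight check of the request containers and a fail-closed reading of the response containers. Containers are represented as a plain dict; rejecting DTDs and flagging an HTTP STS URI are this example's own policy assumptions, and the sample values are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

TRUST = "http://schemas.xmlsoap.org/ws/2005/02/trust/"
ISSUE, VALIDATE = TRUST + "Issue", TRUST + "Validate"
VALID, INVALID = TRUST + "status/valid", TRUST + "status/invalid"

def check_request(c):
    """Return the problems found in the request containers (empty list = OK)."""
    problems = []
    if c.get("DFHWS-STSACTION") not in (ISSUE, VALIDATE):
        problems.append("DFHWS-STSACTION is not the Issue or Validate URI")
    token = c.get("DFHWS-IDTOKEN", "")
    try:
        if "<!DOCTYPE" in token:  # example policy: tokens carry no DTD
            raise ET.ParseError("DTD not accepted")
        ET.fromstring(token)      # well-formedness only, no schema check
    except ET.ParseError:
        problems.append("DFHWS-IDTOKEN is not well-formed XML")
    sts = urlsplit(c.get("DFHWS-STSURI", ""))
    if sts.scheme not in ("http", "https") or not sts.netloc:
        problems.append("DFHWS-STSURI is not an absolute HTTP(S) URI")
    elif sts.scheme == "http":    # example policy: flag cleartext transport
        problems.append("DFHWS-STSURI uses HTTP, token is sent unencrypted")
    return problems

def interpret_response(action, c):
    """Map response containers to (outcome, detail); unexpected input fails closed."""
    if c.get("DFHWS-STSFAULT"):   # a SOAP fault overrides anything else
        return ("fault", c["DFHWS-STSFAULT"])
    res = (c.get("DFHWS-RESTOKEN") or "").strip()
    if action == ISSUE:
        return ("issued", res) if res else ("rejected", "no token returned")
    if action == VALIDATE:
        if res == VALID:
            return ("valid", "")
        if res == INVALID:        # DFHWS-STSREASON is optional
            return ("invalid", c.get("DFHWS-STSREASON", ""))
        return ("rejected", "unexpected status: " + repr(res))
    return ("rejected", "unknown action")

if __name__ == "__main__":
    # Constructed sample containers.
    req = {"DFHWS-STSACTION": VALIDATE,
           "DFHWS-IDTOKEN": '<Token xmlns="urn:example:constructed">alice</Token>',
           "DFHWS-STSURI": "http://www.example.com:8080/TrustServer/SecurityTokenService"}
    print(check_request(req))
    print(interpret_response(VALIDATE, {"DFHWS-RESTOKEN": INVALID,
                                        "DFHWS-STSREASON": "token expired"}))
```

Only the `valid` and `issued` outcomes should let processing continue; a missing or unrecognised DFHWS-RESTOKEN value is treated the same as a rejection.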