PassTicket module

The PassTicket module is called PassTicketSTSModule. PassTicket tokens extend the structure of Username tokens by adding a generated PassTicket.

Scenario

• Custom trust chains

Supported modes

• Validate
• Issue
• Exchange

Configuration properties for Validate mode

Amount of time the token remains valid (seconds)

An integer value that indicates the amount of time, in seconds, that the token remains valid.

Default value is 300.

The special value -1 means that the token does not expire.

Hexadecimal key used to validate a PassTicket token

A key value that consists of exactly 16 hexadecimal digits, which are used to validate a valid PassTicket.

Note: Leave as ******** if you are editing the property, and the key does not need to be changed.

The name of the application used to generate the unique PassTicket

The name of the application that was used to generate the unique PassTicket. This property must be an eight character user ID. The characters must be alphanumeric. For example, GS1SGRAM.

Dynamic application names are supported. You can override the configured application name by supplying an application name in the SOAP request. When the module is in Validate mode, the application name to be used is determined as follows:

1. If an application name is supplied in wst:Claims, use it.
2. If an application name is not supplied in wst:Claims, use the name that is configured in the module.

Enable signature validation

Specifies whether to enable validation of signatures in the token module. Default is false.

Certificate database

Specifies the keystore that contains the key or certificate for validating the signatures in the PassTicket token. Required only when Enable signature validation is selected.

Certificate label

Specifies the certificate in the specified keystore for validating the signatures in the PassTicket token. Required only when Enable signature validation is selected.

Configuration properties for Issue mode and Exchange mode

Include a nonce in the PassTicket token

Specifies whether to include a nonce (random bits used for obfuscating the element) in the PassTicket token.

Add creation timestamp in the PassTicket token

Specifies whether to add a time stamp to the PassTicket token, indicating the creation time of the token.

Hexadecimal key used to generate a PassTicket token

A key value that consists of exactly 16 hexadecimal digits, which are used to generate a valid PassTicket.

Note: Leave as ******** if you are editing the property, and the key does not need to be changed.

The name of the application used to generate the unique PassTicket

The name of the application that was used to generate the unique PassTicket. Must be an eight character user ID. The characters must be alphanumeric. For example, GS1SGRAM.

Dynamic application names are supported. You can override the application name by supplying an application name in the SOAP request. When the module is in Issue mode, the application name to use is determined in the following order:

1. If an application name is supplied in ContextAttributes, use it.
2. If an application name is not supplied in ContextAttributes, but an application name is supplied in wst:Claims, use the wst:Claims name.
3. If an application name is not supplied in either ContextAttributes or wst:Claims, use the name that is configured in the module.

Enable signing of the PassTicket token

Specifies whether to enable the signing of the PassTicket token module.

Default is false.

Certificate database

Specifies the keystore that contains the key or certificate for signing the PassTicket token. Required only when Enable signing of the PassTicket token is selected.

Certificate label

Specifies the certificate in the specified keystore for signing the PassTicket token. Required only when Enable signing of the PassTicket token is selected.