Trusted ID evaluator collection

Use this page to view a list of trusted identity (ID) evaluators. The trusted ID evaluator determines whether to trust the identity-asserting authority. After the ID is trusted, WAS issues the proper credentials based on the identity, which are used in a downstream call for invoking resources. The trusted ID evaluator implements the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface.

To view this administrative console page for trusted ID evaluators on the cell level, complete the following steps:

  1. Click Security > Web services.

  2. Under Additional properties, click Trusted ID evaluators.

  3. Click New to create a trusted ID evaluator or click Delete to delete a trusted ID evaluator.

To view this administrative console page for trusted ID evaluators on the server level, complete the following steps:

  1. Click Servers > Application servers > servername.

  2. Under Security, click Web services: Default bindings for Web services security.

  3. Under Additional properties, click Trusted ID evaluators.

  4. Click New to create a trusted ID evaluator or click Delete to a delete a trusted ID evaluator.

To view this administrative console page for trusted ID evaluators on the application level, complete the following steps:

  1. Click Applications > Enterprise applications > appname.

  2. Under Related items, click EJB modules or Web modules.

  3. Click URI_name.

  4. Under Additional properties, click Web services: Server security bindings.

  5. Under Request consumer (receiver) binding, click Edit custom.

  6. Click Trusted ID evaluators.

  7. Click New to create a trusted ID evaluator or click Delete to delete a trusted ID evaluator.

To view this administrative console page for trusted ID evaluators on the application level, complete the following steps:

  1. Click Applications > Enterprise applications > appname.

  2. Under Related items, click EJB modules or Web modules > URI_name.

  3. Under Additional properties, click Web services: Server security bindings.

  4. Click Edit under Request receiver binding.

  5. Click Trusted ID evaluators.

  6. Click New to create a trusted ID evaluator or click Delete to delete a trusted ID evaluator.

Important: Trusted ID evaluators are only required for the request receiver (V5.x applications) and the request consumer (v6.x.x applications), if identity assertion is configured.

Using this trusted ID evaluator collection panel, complete the following steps:

  1. Specify a trusted ID evaluator name and a trusted ID evaluator class name.

  2. Save your changes by clicking Save in the messages section at the top of the administrative console.

  3. Click Update run time to update the Web services security run time with the default binding information, which is found in the ws_security.xml file. The configuration changes made to the other Web services also are updated in the Web services security run time.

Trusted ID evaluator name

Specifies the unique name of the trusted ID evaluator.

Trusted ID evaluator class name

Specifies the class name of the trusted ID evaluator.