Create Security Context Token Assertion
The Create Security Context Token assertion is used to process an inbound message containing a RequestSecurityToken (RST) request. It issues a Security Context Token (SCT), establishes a secure conversation session, and then saves the session. The secure conversation session is mapped by the identifier defined in the SCT.
Context Variable Created by This Assertion
The generated Security Context Token is stored in the ${<prefix>.issuedSCT} context variable. This variable is made available to the Build RSTR SOAP Response Assertion to create an RSTR response message. For more information, see Working with the Security Token Service.
The following is an example of an SCT in the ${issuedSCT} context variable:
    <sc:SecurityContextToken wsu:Id="uuid-86acfd31-dcaf-4b4f-9b45-8d79e3c63cba-64" xmlns:sc="...">
        <sc:Identifier>urn:uuid:...</sc:Identifier>
    </sc:SecurityContextToken>
This assertion assumes that credentials have been provided and are authenticated in the request.
To learn about selecting the target message for this assertion, see Select a Target Message. The target message should contain a user's credentials for request authorization and security context creation.
Using the Assertion
1. Do one of the following:
   - To add the assertion to the Policy Development window, see Add an Assertion.
   - To change the configuration of an existing assertion, proceed to step 2 below.
2. Right-click <target>: Create Security Context Token in the policy window and select Security Context Token Creator Properties, or double-click the assertion in the policy window. The assertion properties are displayed.
3. Configure the properties as follows:
   Security Context Token Creator settings
   Key Size
       Select the minimum key size to use. If set to "Automatic", the key size is set to the key size defined in the RST request SOAP message, which is the target message of this assertion. If set to "Automatic" and no key size is defined in the RST request SOAP message, the default key size of 256 is used. If the request value is larger than the configured size, the value from the request is used.
   Token Lifetime
       Specify the length of time after issuing before the token expires. This defines the lifetime of a security context session. This setting is available only if you are not using the system default for token lifetime.
   Use System Default
       For the token lifetime, use the value defined in the cluster property wss.secureConversation.defaultSessionDuration. The default is 2 hours.
   Variable Prefix
       Enter a prefix that will be added to the context variable created by this assertion. This prefix ensures uniqueness and prevents the variables from overwriting each other when multiple instances of this assertion appear in a policy. The default variable prefix is sctBuilder. For an explanation of the validation messages displayed, see Context Variable Validation.
4. Click [OK].
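The following is an added worked example (not Gateway code, and not the product's own implementation) that models what the steps above configure: it reads the wst:KeySize from a constructed RST, applies the Key Size rules from the settings table (Automatic follows the request with a fallback of 256; a fixed value acts as a minimum), issues an SCT shaped like the one shown under Context Variable Created by This Assertion, stores the session keyed by the SCT Identifier with the 2-hour default lifetime, and exposes the token under <prefix>.issuedSCT. The namespace URIs, the SAMPLE_RST message and the function names are assumptions made for the example.

```python
# Added illustration of the Create Security Context Token step; not Gateway code.
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespace URIs assumed for WS-Trust 1.3 / WS-SecureConversation 1.3 (the page elides them).
WST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SC_NS = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")

DEFAULT_KEY_SIZE = 256                          # Key Size fallback named on the page
DEFAULT_SESSION_DURATION = timedelta(hours=2)   # wss.secureConversation.defaultSessionDuration default

# Constructed sample RST (not a captured message); only wst:KeySize matters here.
SAMPLE_RST = f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <wst:RequestSecurityToken xmlns:wst="{WST_NS}">
      <wst:TokenType>{SC_NS}/sct</wst:TokenType>
      <wst:RequestType>{WST_NS}/Issue</wst:RequestType>
      <wst:KeySize>512</wst:KeySize>
    </wst:RequestSecurityToken>
  </s:Body>
</s:Envelope>"""


def requested_key_size(rst_xml):
    """Return the wst:KeySize (bits) carried in the RST, or None if absent."""
    root = ET.fromstring(rst_xml)
    el = root.find(f".//{{{WST_NS}}}KeySize")
    if el is None or el.text is None or not el.text.strip():
        return None
    return int(el.text.strip())


def resolve_key_size(configured, requested):
    """Apply the Key Size rules: 'Automatic' follows the request (default 256);
    a fixed value is a minimum, so a larger requested size wins."""
    if configured == "Automatic":
        return DEFAULT_KEY_SIZE if requested is None else requested
    if requested is not None and requested > configured:
        return requested
    return configured


def create_sct(rst_xml, configured_key_size="Automatic", token_lifetime=None,
               prefix="sctBuilder", sessions=None, now=None):
    """Issue an SCT for the RST, record the session keyed by its Identifier,
    and return the context variable the next assertion would read."""
    now = now or datetime.now(timezone.utc)
    lifetime = token_lifetime or DEFAULT_SESSION_DURATION   # Use System Default when unset
    key_size = resolve_key_size(configured_key_size, requested_key_size(rst_xml))

    identifier = f"urn:uuid:{uuid.uuid4()}"
    ET.register_namespace("sc", SC_NS)
    ET.register_namespace("wsu", WSU_NS)
    sct = ET.Element(f"{{{SC_NS}}}SecurityContextToken",
                     {f"{{{WSU_NS}}}Id": f"uuid-{uuid.uuid4()}"})
    ET.SubElement(sct, f"{{{SC_NS}}}Identifier").text = identifier

    session = {"identifier": identifier, "key_size": key_size,
               "created": now, "expires": now + lifetime}
    if sessions is not None:
        sessions[identifier] = session          # the session map the page describes
    return {f"{prefix}.issuedSCT": ET.tostring(sct, encoding="unicode")}, session


def lookup_session(sessions, identifier, now=None):
    """Resolve a session by SCT Identifier, refusing one past its lifetime."""
    now = now or datetime.now(timezone.utc)
    session = sessions.get(identifier)
    if session is None or now >= session["expires"]:
        return None
    return session


if __name__ == "__main__":
    store = {}
    ctx, sess = create_sct(SAMPLE_RST, sessions=store)
    print(ctx["sctBuilder.issuedSCT"])
    print("key size:", sess["key_size"], "expires:", sess["expires"].isoformat())
```

Passing a different prefix (for instance prefix="mySct") yields mySct.issuedSCT, which is what keeps two instances of the assertion in one policy from overwriting each other; lookup_session returns None once the token lifetime has elapsed, so a stale Identifier cannot resume a session.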