Installing Security Token Services

Talend Real-time Big Data Platform Installation Guide for Linux

Version: 6.3
Product: Talend Real-Time Big Data Platform
Task: Installation and Upgrade

An informal description of a Security Token Service is that it is a web service that offers some or all of the following services (among others):

  • It can issue a Security Token of some sort based on presented or configured credentials.

  • It can say whether a given Security Token is valid or not.

  • It can renew (extend the validity of) a given Security Token.

  • It can cancel (remove the validity of) a given Security Token.

  • It can transform a given Security Token into a Security Token of a different sort.

Offloading this functionality to another service greatly simplifies both the client and the service provider, as they can simply call the STS appropriately rather than handling the security processing logic themselves. For example, the WSDL of a service provider might state that a particular type of security token is required to access the service. Then:

  1. A client of the service can ask an STS for a Security Token of that particular type, which is then sent to the service provider.

  2. The service provider could choose to validate the received token locally, or dispatch the token to an STS for validation.

These are the two most common use cases of an STS.

Running STS server as feature in container (Recommended)

To enable the STS server feature in the Karaf container, execute the following command:

tesb:start-sts

The STS service will start automatically. To make sure that it is running, execute the following command in the console:

list

In the output, look for two additional bundles, Apache CXF STS Core and Talend :: ESB :: STS :: CONFIG, which enable the STS functionality.

Note

It is normal for the status of this (fragment) bundle to be only Resolved, and not Active like the other one.
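
The bundle check described above can be scripted. The following is an added example, not part of the Talend guide or Talend's own code: it reads saved output of the list command and verifies that both bundles are present and in an expected state. It assumes the tabular "ID | State | Lvl | Version | Name" layout; the sample rows, IDs and versions are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Talend code). Assumes the Karaf table layout
# "ID | State | Lvl | Version | Name" for the output of `list`.

# Reads `list` output on stdin. Returns 0 only if both bundles named in the
# guide are present, each is Active or Resolved, and at least one is Active.
check_sts_bundles() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN { bad = 0 }
        NF >= 5 {
            state = trim($2); name = trim($5)
            # Prefix match: the console may append text after the name.
            if (index(name, "Apache CXF STS Core") == 1) st["core"] = state
            if (index(name, "Talend :: ESB :: STS :: CONFIG") == 1) st["config"] = state
        }
        END {
            n = split("core config", keys, " ")
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (!(k in st)) { print "MISSING bundle: " k; bad = 1 }
                else if (st[k] != "Active" && st[k] != "Resolved") {
                    print "UNEXPECTED state for " k ": " st[k]; bad = 1
                }
            }
            if (!bad && st["core"] != "Active" && st["config"] != "Active") {
                print "Neither STS bundle is Active"; bad = 1
            }
            if (!bad) print "OK: core=" st["core"] " config=" st["config"]
            exit bad
        }'
}

# Constructed sample output (IDs and versions are placeholders).
sample_healthy() {
    cat <<'EOF'
 ID | State    | Lvl | Version | Name
--------------------------------------
201 | Active   |  80 | 0.0.0   | Apache CXF STS Core
202 | Resolved |  80 | 0.0.0   | Talend :: ESB :: STS :: CONFIG
EOF
}

sample_broken() {
    cat <<'EOF'
 ID | State     | Lvl | Version | Name
---------------------------------------
201 | Installed |  80 | 0.0.0   | Apache CXF STS Core
EOF
}

sample_healthy | check_sts_bundles
```

To check a real container, save the console output of list to a file and pipe that file into check_sts_bundles; a non-zero exit status means a bundle is missing or in an unexpected state.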

Note

Sample keys distributed with the RentACar demo should not be used in production. For more information on how to replace the keys used, see the chapter "Using STS with the Talend Runtime" from the Talend ESB Infrastructure Services Configuration Guide.

For additional information about the usage of STS, please read the Talend ESB STS User Guide and the chapter "Using STS with the Talend Runtime" from the Talend ESB Infrastructure Services Configuration Guide.

Running STS server as Web application (Alternative)

The STS war file is located at add-ons/sts/SecurityTokenService.war in the distribution directory and is ready for deployment on Tomcat.

To deploy the STS war file, follow the standard deployment instructions for your J2EE container (Deployment guide for Tomcat 8: http://tomcat.apache.org/tomcat-8.0-doc/deployer-howto.html) and the chapter "Using STS with the Talend Runtime" from the Talend ESB Infrastructure Services Configuration Guide.

Note

Sample keys distributed with the RentACar demo should not be used in production. For more information on how to replace the keys used, see the chapter "Using STS with the Talend Runtime" from the Talend ESB Infrastructure Services Configuration Guide.