When you create a feed from a web service that requires authentication with a SAML token, a username token, or an STSUniversalUser token to invoke the feed, you exchange the LTPA token used for logging in to Mashup Center for the different token format.
You exchange the credentials between the LTPA token and a different token format by using a security token service (STS) and configuring the identity service.
To configure the security token service in MashupHub, you set up your environment for Tivoli® Federated Identity Manager and use it to create one or more security trust chains. Next you configure the identity service.
Setting up your environment for a security token service: imc3
Set up your environment for a security token service by installing Tivoli Federated Identity Manager and its prerequisite software.
Creating trust service chains: imc3
Create trust service chains so that users can be authenticated to the web service with different token types. A trust chain is a mapping that defines what type of token can be exchanged for the WebSphere® Application Server LTPA token for the token that is needed to invoke the web service.
Configuring the identity service: imc3
Configure the identity service settings if you use credential mapping to invoke a Web Service using the Requires WS-Security Token Service (STS)
option in the Web service or IBM® Information Server feed generators. The identity service mapping is required when the web service needs to exchange a credential it has access to for another credential. For example, exchanging an SSO token (LTPA) for a SAML token. The identity service communicates with a security token service to exchange the credentials.
Parent topic: MashupHub security: imc3