The Security Token Service (STS) Client agent profile stores the configuration data related to securing an outbound request to the OpenSSO Enterprise Security Token Service or Discovery Service to obtain a security token. The data includes the supported security mechanisms, keystore locations, signing and encryption instructions, and endpoints.
The Discovery Agent allows you to store data used to communicate with the Discovery Service to obtain a security token based on the Liberty Alliance Project specifications. The token secures communications between the client and the Discovery Service endpoint. This option is defined as the value of the Discovery Configuration attribute in the WSC security agent profile.
The STS Agent allows you to store data used to communicate with the Security Token Service to obtain a security token based on the WS-Trust specifications. The token secures communications between the client and the Security Token Service endpoint. This option is defined as the value of the STS Configuration attribute in the WSC security agent profile. Out of the box, SecurityTokenService is the default token agent profile for the Security Token Service. Additional profiles can be defined, with the profile name dependent on the service name defined in the security token service's WSDL file. (The security agent searches based on the service name.) This allows multiple security token services to use the same configuration data store. The name of the security token service must be unique across all agents.
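The following added example (not part of the OpenSSO documentation or code) is a pre-deployment check for the uniqueness rule above: it reads the `service` name from each WSDL 1.1 document and reports names declared by more than one file. It assumes the profile name is taken directly from the service name; the function names and the sample WSDL fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"  # WSDL 1.1 namespace

def _wsdl(service_name):
    """Build a constructed, minimal WSDL 1.1 document declaring one service."""
    return (f'<definitions xmlns="{WSDL_NS}" '
            f'targetNamespace="http://example.com/{service_name}">'
            f'<service name="{service_name}"/></definitions>')

# Constructed sample input: file name -> WSDL text (not from a real deployment).
SAMPLE_WSDLS = {
    "default-sts.wsdl": _wsdl("SecurityTokenService"),
    "partner-a.wsdl": _wsdl("PartnerSTS"),
    "partner-b.wsdl": _wsdl("PartnerSTS"),  # same service name as partner-a
}

def service_names(wsdl_text):
    """Return the name of every wsdl:service element in one WSDL document."""
    root = ET.fromstring(wsdl_text)
    return [s.get("name") for s in root.iter(f"{{{WSDL_NS}}}service")
            if s.get("name")]

def plan_profiles(wsdls):
    """Map each service name (assumed profile name) to the files declaring it."""
    owners = defaultdict(list)
    for filename, text in wsdls.items():
        for name in service_names(text):
            owners[name].append(filename)
    return dict(owners)

def find_collisions(owners):
    """Service names declared by more than one WSDL: these break uniqueness."""
    return {name: files for name, files in owners.items() if len(files) > 1}

if __name__ == "__main__":
    owners = plan_profiles(SAMPLE_WSDLS)
    for name, files in owners.items():
        status = "COLLISION" if len(files) > 1 else "ok"
        print(f"{status:9} profile={name} declared in {', '.join(files)}")
```
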
For more information, see Part IV, The Web Services Stack, Identity Services, and Web Services Security, in Sun OpenSSO Enterprise 8.0 Technical Overview.
The Group functionality is not supported with the STS Client Agent Profile.