A Security Token Service Relying Party Partner defined in the Security Token Service Partner Store is represented by the resource of type TokenServiceRP.
A Token Issuance Policy defines the rules under which a token can be issued for a resource (Relying Party Partner) based on the client's identity, with the client either being a Requester Partner or an end user. When issuing a token, Security Token Service will determine for which Relying Party that token is created, and it will then evaluate if the client is authorized to request the token for that Relying Party.
Note:
To issue a token, a Token Issuance Policy must be created with the resource involved in the operation and, possibly, with a condition. At run time if the policy evaluation is successful, the token will be issued.
The resource(s) in a policy can be:
A TokenServiceRP type resource represents resources for, and is based on, the Token Service Relying Party (required for Mobile and Social REST clients).
See Also:
Managing Oracle Access Management Mobile and Social for details about Configuring Access Manager for Mobile and Social Authentication Service
The pre-existing UnknownRP resource, which is needed when Security Token Service is not able to map the Service URL referenced in the AppliesTo element of the WS-Trust request to a Security Token Service Relying Party Partner entry.
The pre-existing MissingRP resource, which is needed when the AppliesTo element of the WS-Trust request is missing.
Note:
Both the MissingRP and UnknownRP are defined in the IAM Suite Application Domain.
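The selection rule described above (a mapped Relying Party Partner, UnknownRP, or MissingRP), sketched as an added Python example; it is not Oracle code. The partner store contents, the prefix-matching rule, and the names select_resource and sample_rst are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces defined by WS-Trust 1.3, WS-Policy and WS-Addressing.
NS = {
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
}

# Constructed partner store (assumption): service URL prefix -> Relying Party ID.
PARTNER_STORE = {
    "https://hr.example.com/services/": "HRServiceRP",
    "https://hr.example.com/services/payroll/": "PayrollRP",
}


def select_resource(rst_xml, partners=PARTNER_STORE):
    """Name the TokenServiceRP resource whose issuance policy applies."""
    if "<!DOCTYPE" in rst_xml.upper():
        raise ValueError("DTD not accepted in a token request")
    root = ET.fromstring(rst_xml)
    applies_to = root.find(".//wsp:AppliesTo", NS)
    if applies_to is None:
        return "TokenServiceRP:MissingRP"  # AppliesTo element is missing
    addr = applies_to.findtext(
        "wsa:EndpointReference/wsa:Address", default="", namespaces=NS
    ).strip()
    # Assumed mapping rule: longest matching prefix wins; an empty or
    # unregistered address cannot be mapped to a partner.
    matches = [p for p in partners if addr and addr.startswith(p)]
    if not matches:
        return "TokenServiceRP:UnknownRP"
    return "TokenServiceRP:" + partners[max(matches, key=len)]


def sample_rst(url=None):
    """Build a constructed RST; AppliesTo is omitted when url is None."""
    applies_to = "" if url is None else (
        f"<wsp:AppliesTo><wsa:EndpointReference><wsa:Address>{url}"
        "</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>")
    xmlns = " ".join(f'xmlns:{k}="{v}"' for k, v in NS.items())
    return f"<wst:RequestSecurityToken {xmlns}>{applies_to}</wst:RequestSecurityToken>"


if __name__ == "__main__":
    for url in ("https://hr.example.com/services/payroll/run",
                "https://other.example.net/svc", None):
        print(url, "->", select_resource(sample_rst(url)))
```

Every request with an absent or unmappable AppliesTo resolves to one of the two pre-existing resources, so the Token Issuance Policies attached to UnknownRP and MissingRP decide whether such requests receive a token.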
A resource of type TokenServiceRP, Figure 45-14, represents a Security Token Service Relying Party Partner defined in the Security Token Service Partner Store.
Figure 45-14 Pre-defined Resource Type: TokenServiceRP
Resources of type TokenServiceRP are used in Token Issuance Policies, which are evaluated when Security Token Service issues tokens at run time. This is a predefined resource type, which cannot be deleted. However, additional operations can be created, edited or deleted as needed. Predefined operations are shown with a lock icon.
When TokenServiceRP is used as the Resource Type search criterion, the results show all resources of that type in a domain, including the resources provided out of the box.
Use the Search controls for the Application Domain to locate resources of a specific type in a domain, with Resource Type TokenServiceRP as the search criterion. The Search Results table lists all resources of this type in the Application Domain.
Figure 45-15 shows the search controls for the IAM Suite resources.
Figure 45-15 Search: Resource Type TokenServiceRP in Application Domain
The TokenServiceRP resources in this domain include those provided out of the box, and described earlier:
UnknownRP resource
MissingRP resource
Users with valid Administrator credentials can add TokenServiceRP resources to an Application Domain.
Note:
If AppliesTo is present in the RST but the requester could not be mapped, use the TokenServiceRP:UnknownRP resource.
If AppliesTo is not present, use TokenServiceRP:MissingRP; otherwise select the appropriate resource.
See About Managing TokenServiceRP Type Resources in Access Manager.
To manage TokenServiceRP Resources:
1. Locate the desired Application Domain.
2. Add TokenServiceRP Resource to the Application Domain:
   a. Click the New Resource button on the Application Domain Search page.
   b. Specify the Resource Type as TokenServiceRP.
   c. Enter a Resource URL that is the Relying Party ID for whom the token issuance policy will be defined.
   d. Click the Apply button at the top of the page to submit this and dismiss the confirmation window.
3. Find TokenServiceRP Resources:
   a. In the desired Application Domain, open the Resources tab to display the Search controls.
   b. From the Resource Type, choose TokenServiceRP, and click Search.
   c. Review the Search Results table and click a name to open the Resource Definition.