Configuring STS Instances

You configure STS instances to perform one or more token transformations. Each instance provides configuration details about how SAML v2.0 and/or OpenID Connect output tokens are encrypted or signed. Deployments that support multiple SAML v2.0 and/or OpenID Connect service providers require multiple STS instances.

When you publish an STS instance, you create an STS instance with a given configuration. You can publish instances either using the AM console or the REST API.

When you publish a REST STS instance, AM exposes a REST endpoint for accessing the instance, and the instance is immediately available for use to callers.


The SOAP STS service is deprecated, and will be removed in a future release. Installing instances of this service is not supported.

Configuring the REST STS

To implement the REST STS using the AM console, add one or more REST STS instances to your AM deployment.

To configure a REST STS instance using the AM console, navigate to Realms > Realm Name > STS > REST STS Instances, and then click Add.

See "REST STS Configuration Properties" for detailed information about STS configuration properties.


You can also publish REST STS instances programmatically. AM provides a Publish Service, which is a collection of endpoints you can use to publish instances instead of accessing the AM console.

For more information, see "Publishing REST STS Instances".

Read a different version of :