When using a username/password token, first configure an appropriate realm and an appropriate user database for the realm.
Configuring a user database is discussed in To Edit a Realm.
Once the facilities of the Application Server are configured for use by message security providers, then the providers installed with the Application Server may be enabled as described in To enable providers for message security.