Configuring a binding for the WS-Security policy

To use the WS-Security policy with your web service clients, you must first configure bindings for the policy.

About this task

The WS-Security specification includes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. This specification protects a message by encrypting it, digitally signing it, or both; the protection can cover the message body, headers, attachments, or any combination or parts of these. The specification also provides a mechanism for associating security tokens with messages.

To configure a binding for the WS-Security policy:

Procedure

  1. In the Client Side Policy Set Attachment wizard, select the WSSecurity policy type in the Bindings Configuration table; then click Configure.
  2. On the Digital Signature Configuration tab:
    1. Under Outbound Message Security Configuration, select the type of information that your key contains and the algorithm that will be used to transform your outbound messages that have digital signatures. Use the Key Store Settings button to specify settings for your key store.
    2. Under Inbound Message Security Configuration, select the algorithm that will be used to transform your outbound messages that have digital signatures. Select the Trust Any Certificate check box if you want to accept all incoming messages that have digital signatures, without verifying credentials. With this check box selected, a valid signature shows only that the message was not altered after it was signed; it does not establish who signed it. If you clear this check box, use the Key Store Settings button to specify settings for your key store, and optionally specify a certificate in the Certificate Path field.
  3. On the XML Encryption Configuration tab:
    1. Under Outbound Message Security Configuration, select the type of information that your key contains and the algorithm that will be used to transform your outbound messages that have digital signatures. Use the Key Store Settings button to specify settings for your key store. Select the Enable MTOM WS-Security Optimization check box if you want to use the SOAP Message Transmission Optimized Mechanism (MTOM) when sending binary data with your messages. Select the Enable Encrypted Header for WS-Security 1.0 check box if you want to use encrypted SOAP headers in the WS-Security version 1.0 specification format.
    2. Under Inbound Message Security Configuration, use the Key Store Settings button to specify settings for your key store.
  4. On the Token Authentication tab:
    1. In the Callback handler list, select a Java™ class to handle messages that use token authentication.
    2. Type your user name and password for token authentication.
  5. Select the Enable Message Expiration check box if you want to enable expiration of your sent messages. If you select this check box, type the number of minutes after which your sent messages will expire in the Message Expiration Interval field. This number should be a positive integer. By default, sent messages remain permanently valid.
  6. Click OK.
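
The message expiration setting in step 5, as it appears to a receiver. This is an added example, not code from the product or its documentation: it assumes the interval is carried as the `wsu:Expires` element of the `wsu:Timestamp` that WS-Security defines for the `wsse:Security` header, and the function names and sample envelope are constructed for illustration. It also shows the default case, where no expiration is set.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespaces from the SOAP 1.1 and WS-Security 1.0 specifications.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
FMT = "%Y-%m-%dT%H:%M:%SZ"  # UTC timestamps, second precision (assumption)

def build_envelope(created, interval_minutes=None):
    """Constructed sample message; interval_minutes=None models the default (no expiration)."""
    if interval_minutes is not None and (type(interval_minutes) is not int or interval_minutes <= 0):
        raise ValueError("Message Expiration Interval must be a positive integer")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    sec = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    ts = ET.SubElement(sec, f"{{{WSU}}}Timestamp")
    ET.SubElement(ts, f"{{{WSU}}}Created").text = created.strftime(FMT)
    if interval_minutes is not None:
        expires = created + timedelta(minutes=interval_minutes)
        ET.SubElement(ts, f"{{{WSU}}}Expires").text = expires.strftime(FMT)
    ET.SubElement(env, f"{{{SOAP}}}Body")
    return ET.tostring(env, encoding="unicode")

def _utc(text):
    return datetime.strptime(text.strip(), FMT).replace(tzinfo=timezone.utc)

def check_expiration(envelope_xml, now, max_skew=timedelta(minutes=5)):
    """Classify a received message as 'valid', 'expired', 'no-expiry' or 'invalid'."""
    # Constructed input only: parse untrusted XML with a hardened parser in real use.
    root = ET.fromstring(envelope_xml)
    stamps = root.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSU}}}Timestamp")
    if len(stamps) != 1:
        return "invalid"  # Timestamp missing or duplicated
    created = stamps[0].findtext(f"{{{WSU}}}Created")
    expires = stamps[0].findtext(f"{{{WSU}}}Expires")
    try:
        created_at = _utc(created) if created else None
        expires_at = _utc(expires) if expires else None
    except ValueError:
        return "invalid"  # not in the expected UTC format
    if created_at is None or created_at > now + max_skew:
        return "invalid"  # Created absent or further in the future than clock skew allows
    if expires_at is None:
        return "no-expiry"  # nothing in the timestamp limits how late the message is accepted
    if expires_at <= created_at:
        return "invalid"
    return "expired" if now >= expires_at else "valid"
```

A `no-expiry` result means the timestamp places no limit on how long after sending the message is still accepted, which is the case the page describes as sent messages remaining permanently valid.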

What to do next

Note: The window displays read-only information about the token types, callback handlers, and JAAS logins in the binding to help you with specifying the required values.
