Enforcing WSS Provider

Use the WSS Provider policy to enforce authentication, confidentiality, integrity, and the time stamping of service-side messages.

First, create and configure the policy. Next, associate the policy with a binding in your application.

Setting Up a Policy with Resources

Follow these steps to set up a new WSS Provider policy with resources:

  1. In the Project Explorer, right-click the Policies folder and select New > Policy.

    The Policy Wizard opens.



  2. Specify the following values in the Create New Policy Window:
    • Policy Folder: Name of the folder where policies will be located.
    • Package: Name of the package in the module where the new policy is added. Accept the default package, or browse to select a different package name.
    • Policy Name: Name of the new policy. By default, the policy name is configured to match the security policy you choose.
  3. Under Select the type of Policy, select WSS Provider.
  4. From the Policy Defaults drop-down menu, select one of the following options:
    Note: The Policy Defaults menu offers a list of commonly used policy configurations to choose from. After you select a Policy Default, a policy with preconfigured settings and related resources is created. If resources already exist in the module, the newly created policy automatically refers them. However, if no resources exist, new resources with default settings are created and referred to by the policy. Refer to the Default description at the bottom of the Policy Wizard to view policy configurations and new resources that might be created.
    • SAML Token Authentication: Select this option to authenticate credentials through SAML assertion. A WSS Provider policy configured for SAML token-based authentication and the following resources are produced in your workspace:
      • A sample keystore file with the default file name truststore.jks.
      • A Trust Provider resource with the default file name WssProvider_TrustStore.trustResource
      • A KeyStore Provider resource with the default file name WssProvider_KeystoreProvider.keystoreProviderResource
      • A WSS Authentication resource with the default file name WssProvider_WSSAuthProvider.wssResource
    • UserName Token Authentication with LDAP: Select this option to authenticate credentials through user name token authentication with LDAP. A WSS Provider policy configured for user name token-based authentication with LDAP and the following resources are produced in your workspace:
      • An LDAP Authentication resource with the default file name WssProvider_AuthenticationProvider.ldapResource
      • A WSS Authentication resource with the default file name WssProvider_WSSAuthProvider.wssResource
    • UserName Token Authentication with Workspace XML: Select this option to authenticate credentials through user name token-based authentication with an XML file authentication resource stored in your workspace. A WSS Provider policy configured for XML file authentication and the following resources are produced in your workspace:
      • An XML Authentication resource with the default file name WssProvider_AuthenticationProvider.authxml
      • A WSS Authentication resource with the default file name WssProvider_WSSAuthProvider.wssResource
      • A preconfigured XML file with the default file name XmlUsers.xml is created if an XML file does not already exist.
    • UserName Token Authentication with Filesystem XML: Select this option to authenticate credentials through user name token-based authentication with an XML file authentication resource stored in your local file system. A WSS Provider policy configured for XML file authentication and the following resources are produced in your workspace:
      • An WSS Authentication resource with the default file name WssProvider_WSSAuthProvider.wssResource
      • An XML Authentication resource with the default file name WssProvider_AuthenticationProvider.authxml
    • Empty Policy (No Default) : Select this option to create a new WSS Provider policy with no preselected options and no resources.
  5. Optional. Select Always create new shared resources to ensure new resources are generated for the policy and referred to by the policy.
  6. Optional. Select Create module properties for common fields to override default properties in newly created resources with module properties. Resources with module properties for common fields are generated after you select this option.
  7. Select Finish to create the policy.

Configuring Resources and the Policy

For resource configurations, refer to the following topics under the "Shared Resources" topic in the TIBCO ActiveMatrix BusinessWorks™ Bindings and Palettes Reference guide:
  • Identity Provider
  • Keystore Provider
  • Subject Provider
  • Trust Provider
  • WSS Authentication

For policy configuration details, refer to the topic "WSS Provider" under "Policy Resources" in the TIBCO ActiveMatrix BusinessWorks Bindings and Palettes Reference guide .

Associate the Policy with a Binding

You can associate the WSS Provider policy with the following bindings:
  • SOAP-HTTP Service Binding
  • SOAP-JMS Service Binding

For instructions on how to enforce a policy on a binding in your application, refer to Associating Policies.