WSS Consumer
This policy facilitates processing of the WS-Security header from the response message.
WSS Consumer acts on the Reference side to ensure that the confidentiality, integrity, and timestamp of a request remain secure. To maintain confidentiality, a response is decrypted at its endpoint. To maintain integrity, the response is verified for a valid signature. To track the time of the response, a timestamp is inserted in the response.
To maintain confidentiality, the policy can be configured for an outbound request to be encrypted and an inbound response to be decrypted at its endpoint. To maintain integrity, the outbound request can be signed and the signature verified in the inbound response. You can also insert a timestamp in an outbound request and verify a timestamp in the inbound response. You also have an option to attach credentials to the outbound request.
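The timestamp verification on the inbound response described above can be sketched as follows. This is an added example, not the product's own code: it reads the `wsu:Timestamp` from the WS-Security header and rejects responses that are missing it, expired, or dated in the future. The function names, the five-minute clock-skew allowance, the requirement that both `Created` and `Expires` be present, and the sample envelope are assumptions; the result is only meaningful when the Timestamp element is covered by the verified signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {  # SOAP 1.1 and OASIS WS-Security 1.0 namespaces
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}

def build_response(created, expires):
    """Constructed sample response envelope (not captured from a real service)."""
    return (
        '<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}">'
        '<soap:Header><wsse:Security><wsu:Timestamp wsu:Id="TS-1">'
        "<wsu:Created>{c}</wsu:Created><wsu:Expires>{e}</wsu:Expires>"
        "</wsu:Timestamp></wsse:Security></soap:Header><soap:Body/></soap:Envelope>"
    ).format(c=created, e=expires, **NS)

def parse_utc(text):
    """Parse an xsd:dateTime such as 2024-05-01T12:00:00Z."""
    return datetime.fromisoformat(text.strip().replace("Z", "+00:00"))

def check_timestamp(envelope_xml, now, skew=timedelta(minutes=5)):
    """Return (accepted, reason) for the wsu:Timestamp of an inbound response."""
    # Use a hardened XML parser for untrusted input; ElementTree keeps this stdlib-only.
    root = ET.fromstring(envelope_xml)
    stamps = root.findall("soap:Header/wsse:Security/wsu:Timestamp", NS)
    if len(stamps) != 1:
        return False, "expected exactly one wsu:Timestamp, found %d" % len(stamps)
    created = stamps[0].findtext("wsu:Created", namespaces=NS)
    expires = stamps[0].findtext("wsu:Expires", namespaces=NS)
    if not created or not expires:  # assumption: this check requires both elements
        return False, "Created and Expires are both required"
    try:
        created_at, expires_at = parse_utc(created), parse_utc(expires)
    except ValueError:
        return False, "unparseable timestamp"
    if created_at.tzinfo is None or expires_at.tzinfo is None:
        return False, "timestamp without time zone"
    if created_at > now + skew:
        return False, "Created is in the future"
    if expires_at <= now - skew:
        return False, "response has expired"
    return True, "ok"

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 2, tzinfo=timezone.utc)
    print(check_timestamp(build_response("2024-05-01T12:00:00Z", "2024-05-01T12:05:00Z"), now))
    print(check_timestamp(build_response("2024-05-01T11:00:00Z", "2024-05-01T11:05:00Z"), now))
```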
Policy | Shared Resource | Object Group Types |
---|---|---|
WSS Consumer | | |
Property | Description |
---|---|
WSS Processor | This option is required if decryption, signature verification or timestamp verification is required on the inbound response. |
Confidentiality | Encrypt request and/or decrypt response. |
Integrity | Sign request and/or verify signature on response. |
Timestamp | Set timestamp on request and/or verify timestamp on response. |
Credential Mapping | Use supported identity token profiles to insert identity token into outgoing requests. Select one from the following options: |
Algorithm Suite | Specifies the algorithm suite required for performing cryptographic operations with symmetric or asymmetric key based security tokens. An algorithm suite specifies actual algorithms and allowed key lengths. |
Digest Algorithm | The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.
Default type is SHA-256. You can select a different type from the drop-down menu. |
Property | Description |
---|---|
WSS Processor | Specify a Resource Template for WSS Processing. |
Confidentiality | Select Encrypt Request and/or Decrypt Response. |
Encrypt Request | Select which one of the following should be encrypted: |
Decrypt Response | No additional configuration required. |
Integrity | Select Sign Request and/or Verify signature on response. |
Sign Request | Select a Resource template for signing. Select which of the following should be signed: |
Verify signature on response | Select from the following options: |
Timestamp | Select from the following: |
Property | Description |
---|---|
SAML Token based Credential Mapping | |
UsernameToken Credential Mapping using identity provider | Default Credential Mapping: Select this option to map credentials using default mapping. Once selected, you are prompted to select the name of the Identity Provider. Exceptions to the Default Credential Mapping: The following options can be selected to exempt from default credential mapping: After one of these options is selected, you are prompted to enter the name of the Identity Provider. |