SOAP Over HTTP Binding Details (Consumer)

The following table describes the binding details that are displayed for the selected SOAP over HTTP binding, where the shared resource is acting as a consumer.

Property Description
HTTP Client Instance Logical name to identify the HTTP Client resource instance in the BPM runtime that will be used to call the web service.

The default value is the name of the system participant.

You can bind this logical name to the appropriate HTTP Client resource instance using either of the following methods:

  • Early binding: Replace the name here with the name of a suitable HTTP Client resource instance that already exists on the BPM runtime. (The mapping to the HTTP Client resource instance will then be done automatically when you deploy the application to the BPM runtime.)
  • Late binding: Change or create the HTTP Client resource instance to be used when you deploy the application to the BPM runtime. You do this by changing the value assigned to the HttpOutboundConnectionConfig property on the Property Configuration page of the DAA Deployment Wizard. See Using Pageflow Processes and Business Services for more information about how to do this.

    If you instead export the project to a Distributed Application Archive for subsequent upload to the BPM runtime, a BPM administrator will need to configure the HTTP Client resource instance to be used. See the Administrator interface documentation for your BPM runtime environment for more information about this.

Security Configuration: This section defines the security configuration to be applied to the binding. You should obtain the required information for the following fields from the web service provider and/or the administrator of your BPM runtime. See Configuring Security on an Outgoing Service Call for more information.
Policy Type Defines the type of security policy required to invoke the service - one of the following values:
  • None - to invoke an unsecured service. (This is the default value.)
  • Username Token, X509 Token or SAML Token - to authenticate the outgoing SOAP request using a Web Services Security (WSS) token of the indicated type.
  • Custom Policy - to apply a custom security policy to the outgoing SOAP request and, if required, to the incoming SOAP response.
Note: You must use a Custom Policy if the SOAP response message returned by the service contains a security header. The Username Token, X509 Token or SAML Token policies do not handle an incoming SOAP response that contains a security header.
Governance App. Name Defines the name of the identity provider application from which the BPM runtime will obtain the authentication information needed to contact the service.

The BPM runtime will use this information to construct the WSS token (of the specified type) that will be used to authenticate the outgoing SOAP request.

This field must be completed (and is only displayed) if Policy Type is set to Username Token, X509 Token or SAML Token.

Custom Policy Set Defines the name of an external policy set that the BPM runtime will apply to the outgoing SOAP request (and, if appropriate, to the incoming SOAP response).

This field must be completed (and is only displayed if) Policy Type is set to Custom Policy.

The external policy set:

  • must contain the security information required to construct the outgoing SOAP request and, if appropriate, to also handle the resultant incoming SOAP response.
  • must be defined in an XML file (with the extension .policysets) that is available in the same workspace.

Note: TIBCO Business Studio does not validate whether the external policy set is applicable to and correct for the target service. Using an incorrect policy type or a wrongly configured policy will result in an error, either during DAA configuration or at runtime.

The BPM runtime supports a wide range of policies and policy sets that can be used to address different security requirements and scenarios. For more information about external policy sets and how to create them, see the following topics:

  • "Policy Management", in Composite Development
  • "Security Resource Templates", in SOA Administration. (This guide is not included in the TIBCO Business Studio documentation set. You can access it either from the BPM runtime documentation set, or from the Help in the Administrator interface in the BPM runtime.)