Basic Credential Mapping Policies

You can configure Basic Credential Mapping policies by copying a template into an external policy set and modifying the parameters appropriately. You can find sample templates in an archive file under TIBCO_HOME/amx/version/samples/policy/samples.zip.

You can configure this policy to retrieve user credentials from an Identity Provider resource instance. When using an Identity Provider resource instance to retrieve user credentials for a policy, in the Identity Provider resource template, check the Enable Access to Credential Store Containing Identity checkbox. The JCEKS keystore used in the Identity Provider resource template should be able to store symmetric keys.

Several template samples are available.

Template File:
BasicCredentialMappingFixed.policysets
BasicCredentialMappingRoleBased.policysets

Can Provide these Intents:
scaext:credentialMapping.basic

UsernameToken - Nonce and Created Elements

When a Basic Credential Mapping or WSS Credential Mapping policy is used to insert a UsernameToken in the SOAP security header, the Nonce and Created elements can be optionally added.

You can configure a Basic Credential Mapping or WS-Security Consumer Credential Mapping policy to have the UsernameToken without the Nonce and Created elements by copying the template below and modifying the parameters appropriately. See the Policy Sets, Policy Templates Reference section in the Composite Development guide for more information about configuring policy sets.

The sample Basic Credential Mapping policy below generates the UsernameToken without the Nonce and Created elements.

<?xml version="1.0" encoding="UTF-8"?>
<ep:policySetContainer xmlns:ep="http://xsd.tns.tibco.com/amf/models/externalpolicy" 
   xmlns:sca="http://www.osoa.org/xmlns/sca/1.0" 
   xmlns:scaext="http://xsd.tns.tibco.com/amf/models/sca/extensions"  
   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"  
   xmlns:wssp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" 
   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
   xmlns:tpa="http://xsd.tns.tibco.com/governance/policy/action/2009"
   xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
   xmlns:tpc="http://xsd.tns.tibco.com/governance/policy/common/2009"
   xmlns:jmsbt="http://xsd.tns.tibco.com/amf/models/sca/bindingtype/jms"
   xmlns:soapbt="http://xsd.tns.tibco.com/amf/models/sca/binding/soap"
   xmlns:webapp="http://xsd.tns.tibco.com/amf/models/sca/implementationtype/webapp"
   targetNamespace="http://www.example.org">
 
  <!-- add the policy sets here -->
  <sca:policySet name="CredentialMappingUsernameToken"
      provides="scaext:clientAuthentication.usernameToken"
      appliesTo="soapbt:binding.soap.service">
    <wsp:Policy template="tpt:WssConsumer"
        xmlns:tpt="http://xsd.tns.tibco.com/governance/policy/template/2009">
      <wsp:All>
        <wsp:Policy>
          <wsp:All>
            <tpa:CredentialMapping>
              <tpa:Fixed>
                <wssp:UsernameToken>
                  <wsse:Username>schalla</wsse:Username>
                  <wsse:Password>password</wsse:Password>
                </wssp:UsernameToken>
                <tpa:IdentityProvider ResourceInstance="IdPasswordProvider" />
              </tpa:Fixed>
              <wssp:SupportingTokens>
                <wssp:UsernameToken>
                  <tpa:NoNonce/>
                </wssp:UsernameToken>
              </wssp:SupportingTokens>
            </tpa:CredentialMapping>
          </wsp:All>
        </wsp:Policy>
      </wsp:All>
    </wsp:Policy>
  </sca:policySet>
</ep:policySetContainer>
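
The following is an added example, not TIBCO code: a Python check that scans a .policysets document for two settings used in the sample above that are worth reviewing before deployment, a literal wsse:Password inside tpa:Fixed and tpa:NoNonce, which sends the UsernameToken without the Nonce and Created elements a receiver can use to reject replayed tokens. The function name, the finding labels and the embedded input are assumptions constructed for illustration; the element names and namespace URIs are those of the sample.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as used by the sample policy set on this page.
NS = {
    "ep": "http://xsd.tns.tibco.com/amf/models/externalpolicy",
    "sca": "http://www.osoa.org/xmlns/sca/1.0",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "tpa": "http://xsd.tns.tibco.com/governance/policy/action/2009",
    "wssp": "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
}

def audit_policy_sets(xml_text):
    """Return sorted (policy set name, finding) pairs for one .policysets file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return [("<document>", "not-well-formed")]
    findings = set()
    for ps in root.iter("{%s}policySet" % NS["sca"]):
        name = ps.get("name", "<unnamed>")
        for mapping in ps.iterfind(".//tpa:CredentialMapping", NS):
            # A non-empty literal password stored in the policy file itself.
            pw = mapping.find("tpa:Fixed/wssp:UsernameToken/wsse:Password", NS)
            if pw is not None and (pw.text or "").strip():
                findings.add((name, "inline-password"))
            # tpa:NoNonce: the token goes out without Nonce and Created.
            if mapping.find("wssp:SupportingTokens/wssp:UsernameToken/tpa:NoNonce", NS) is not None:
                findings.add((name, "no-nonce-created"))
    return sorted(findings)

# Constructed, simplified input (not a complete TIBCO policy set).
_DECL = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
SAMPLE = """<ep:policySetContainer %s>
 <sca:policySet name="PartnerA"><wsp:Policy><tpa:CredentialMapping>
  <tpa:Fixed>
   <wssp:UsernameToken>
    <wsse:Username>svc-user</wsse:Username><wsse:Password>example-only</wsse:Password>
   </wssp:UsernameToken>
  </tpa:Fixed>
  <wssp:SupportingTokens><wssp:UsernameToken><tpa:NoNonce/></wssp:UsernameToken></wssp:SupportingTokens>
 </tpa:CredentialMapping></wsp:Policy></sca:policySet>
 <sca:policySet name="PartnerB"><wsp:Policy><tpa:CredentialMapping>
  <tpa:Fixed><tpa:IdentityProvider ResourceInstance="IdPasswordProvider"/></tpa:Fixed>
 </tpa:CredentialMapping></wsp:Policy></sca:policySet>
</ep:policySetContainer>""" % _DECL

if __name__ == "__main__": print(audit_policy_sets(SAMPLE))
```

A policy file whose wsse namespace URI is broken across lines will not match these paths, so check the namespace declarations first when a known inline password is not reported.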