WSS Provider

The WSS Provider policy acts on the server side to ensure that the confidentiality, integrity, and timestamp of a request remain secure.

To maintain confidentiality, a request is encrypted at its endpoint. To maintain integrity, the request is verified for a valid signature. To track the time of the request, a timestamp is inserted in the request.

Policy Requirement
Policy: WSS Provider
Shared Resource:
  • WSS Authentication
  • Trust Provider
Object Group Types:
  • AMX Service Binding Instance (SOAP, SOAP/HTTP, SOAP/JMS)
  • BW ServiceEndpoint (SOAP, SOAP/HTTP, SOAP/JMS)
Property: Description
WSS Processor: The provider for the WSS authentication service. This option is required if authentication, decryption, signature verification or timestamp verification is required on the inbound request.
Authentication: Enforce authentication on request.
Confidentiality: Decrypt requests and encrypt responses.
Integrity: Verify signature on request and/or sign response.
Timestamp: Verify timestamp on request and/or set timestamp on response.

Property: Description
WSS Processor: Specify a Resource Template for WSS Processing.
Authentication: Authentication can be done in the following ways:
  1. Verify user name token
  2. Verify SAML token
  3. Verify Kerberos token
Verify Username Token: No additional configuration required.
Verify SAML token: Select one of the following confirmation methods:
  1. Bearer
  2. Holder of Key
  3. Sender Vouches
Select one of the following security token types:
  1. SAML 1.1 Token 1.1
  2. SAML 2.0 Token 1.1

Specify Issuer Name.

Verify Kerberos token: Specify Service Name.
Confidentiality: Select Decrypt Request and/or Encrypt Response.
Decrypt Request: No additional configuration required.
Encrypt Response: Select one of the following:
  1. Use client certificate for encryption
  2. Sign Elements: Add elements to be signed.
If you select the option Use a resource template for encryption:
  1. From the drop-down box, select a Resource template for encryption.
  2. Specify a Key Alias.
Select which one of the following should be encrypted:
  1. Encrypt parts: Body and/or Header
  2. Encrypt Elements: Add elements to be encrypted

Integrity: Select Verify signature on request and/or Sign Response.
Verify signature on request: Select one of the following options from the Verify parts that are signed drop-down:
  1. Entire message should be signed
  2. Message header should be signed
  3. Message body should be signed
  4. At least some parts or elements in the message that should be signed
Sign response: Select a Resource template for signing.
Select which of the following should be signed:
  1. Sign parts: Body and/or Header
  2. Sign elements: Add elements to be signed
Timestamp: Select from the following:
  1. Verify timestamp on request.
  2. Set timestamp on response. Specify time-to-live in seconds.
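
What the "Verify parts that are signed" and "Verify timestamp on request" options amount to on an inbound message, as an added Python sketch (not TIBCO code; the function names and the sample envelope are constructed for illustration). It assumes SOAP 1.1 with wsu:Id-based references and checks only which parts the signature covers and whether the timestamp is current, not the cryptographic signature itself.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": OASIS + "wssecurity-secext-1.0.xsd",
      "wsu": OASIS + "wssecurity-utility-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WSU_ID = "{%s}Id" % NS["wsu"]
SEC = "s:Header/wsse:Security/"

# Constructed sample request; digests and signature value omitted, no crypto is checked.
SAMPLE = f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:wsse="{NS['wsse']}"
    xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}">
 <s:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="TS-1">
   <wsu:Created>2024-01-01T12:00:00Z</wsu:Created>
   <wsu:Expires>2024-01-01T12:05:00Z</wsu:Expires>
  </wsu:Timestamp>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#TS-1"/><ds:Reference URI="#Body-1"/>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></s:Header>
 <s:Body wsu:Id="Body-1"><ping/></s:Body>
</s:Envelope>"""

def signed_ids(root):
    """IDs named by ds:Reference URIs in the Security header's signature."""
    refs = root.findall(SEC + "ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return {r.get("URI")[1:] for r in refs if r.get("URI", "").startswith("#")}

def coverage(root):
    """Is the element the service reads (located by position) signed, with a unique ID?"""
    ids = signed_ids(root)
    def covered(elem):
        eid = None if elem is None else elem.get(WSU_ID)
        dupes = sum(1 for e in root.iter() if e.get(WSU_ID) == eid)
        return eid in ids and dupes == 1
    return {"body": covered(root.find("s:Body", NS)),
            "timestamp": covered(root.find(SEC + "wsu:Timestamp", NS))}

def timestamp_fresh(root, now, skew_s=60):
    """Created <= now < Expires, allowing skew_s seconds of clock skew."""
    ts = root.find(SEC + "wsu:Timestamp", NS)
    created = ts.findtext("wsu:Created", namespaces=NS) if ts is not None else None
    expires = ts.findtext("wsu:Expires", namespaces=NS) if ts is not None else None
    if not created or not expires:
        return False
    fmt, skew = "%Y-%m-%dT%H:%M:%SZ", timedelta(seconds=skew_s)
    to_utc = lambda t: datetime.strptime(t, fmt).replace(tzinfo=timezone.utc)
    return to_utc(created) - skew <= now < to_utc(expires) + skew
```

A timestamp that is not itself covered by the signature can be altered in transit, so the freshness result is only meaningful when `coverage` also reports the timestamp as signed.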