Web Services Security Authentication

This section explains how to configure web services security (WSS) for the Core Engine.

Define the WSS Configuration Properties File

This section explains how to define the properties files required for the WSS shared resources configuration.

Sample Files

TIBCO API Exchange Gateway provides a sample shared resource configuration file for each security type profile. It is good practice to use the sample files as templates and edit the properties to suit your requirements. The sample files are located in the ASG_CONFIG_HOME/asg/default/wss directory.

The properties files you define depend on the type of WSS configuration selected. The following sections describe each WSS type and the sample properties file that can be used for it:

  • User name token

TIBCO API Exchange Gateway authenticates the user against the LDAP system. You must create a configuration file for the LDAP configuration, as follows:

LDAP configuration for bind mode

This configuration type provides user name token authentication against an LDAP system in bind mode.

The sample file req_usernametoken_ldapbind.properties for LDAP shared resource configuration is located in the following directory: ASG_CONFIG_HOME/asg/default/wss

You can use this file as a template and edit the LDAP server properties as per your environment.

LDAP configuration in bind mode with SSL Enabled

This configuration type provides user name token authentication against an LDAP system in bind mode with SSL enabled.

The sample file req_usernametoken_ldapbindssl.properties for LDAP shared resource configuration is located in the following directory: ASG_CONFIG_HOME/asg/default/wss

You can use this file as a template and edit the properties for the LDAP server with SSL as per your environment.

LDAP configuration for search mode

This configuration type provides user name token authentication against an LDAP system in search mode.

The sample file req_usernametoken_ldapsearch.properties for LDAP shared resource configuration is located in the following directory: ASG_CONFIG_HOME/asg/default/wss

You can use this file as a template and edit the LDAP server properties for search mode as per your environment.

  • Subject Identity

The configured keystore, together with a valid key from that keystore, can be used to provide the identity of the subject. The identity provider takes the password of the key alias as input and uses it to access the private key of that alias, which is used for signing.

TIBCO API Exchange Gateway requires certain properties to be defined for this type. These properties are defined in a file, which can be imported in the configuration GUI. See Define the WSS Configuration Properties File.

This configuration type provides the properties for the keystore configuration (private key) used to sign or decrypt the message.

The sample file resp_sign.properties describes the keystore properties required to sign the message. This file is located in the following directory: ASG_CONFIG_HOME/asg/default/wss

You can use this file as a template and edit the keystore configuration as per your environment.

  • Trust Identity

The trust store consumes a keystore provider and is used to access the public keys needed for signature verification or for encryption.

TIBCO API Exchange Gateway requires certain properties to be defined for this type. These properties are defined in a file, which can be imported in the configuration GUI. See Define the WSS Configuration Properties File.

This configuration type provides the properties for the keystore configuration used to verify signatures or encrypt the message.

The sample file resp_encrypt.properties describes the certificate keystore properties required to encrypt the message. This file is located in the following directory: ASG_CONFIG_HOME/asg/default/wss

You can use this file as a template and edit the keystore configuration as per your environment.