WS Security Services Authentication

Overview of WSS authentication

TIBCO API Exchange Gateway supports Web Services Security (WSS) authentication services for northbound messages.

Note:
  • The configuration mechanism for WS security policies on the Facade Operations tab in TIBCO API Exchange Gateway 2.x is provided for backward compatibility with the TIBCO ActiveMatrix Service Gateway 1.2.0 product release. This configuration mechanism is deprecated in the 2.x release of the software.
  • In the TIBCO API Exchange Gateway 2.x release, WS Security is supported through security policies. Refer to the Security Policies chapter for details on how to use security policies.

TIBCO API Exchange Gateway supports the following security token profiles:

  • User name

    TIBCO API Exchange Gateway provides user authentication for northbound requests with the LDAP system.

  • SAML 1.1 and SAML 2.0

    TIBCO API Exchange Gateway provides SAML-based sign-in authentication of northbound requests.

  • X.509

    TIBCO API Exchange Gateway uses X.509 to process requests and confirm that integrity and confidentiality are maintained.
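
As an added illustration (not TIBCO code and not part of the product), the following Python example reports which of the token profiles listed above a SOAP request carries in its WS-Security header, and whether a signature or encrypted content is present. The function name classify_wss and the sample envelope are constructed for this example; the namespace URIs are the standard OASIS and W3C ones.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the OASIS WS-Security/SAML and W3C XML-DSig/XML-Enc specs.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509_PREFIX = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509"
SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")     # SOAP 1.2

def classify_wss(envelope: str) -> dict:
    """Report token profiles and protections present in a SOAP request.

    Presence only: a Signature element here says nothing about validity.
    Verification against the trust store remains the gateway's job.
    """
    if "<!doctype" in envelope.lower():
        # SOAP forbids DTDs; refusing them also avoids entity-expansion tricks.
        raise ValueError("DOCTYPE not allowed in SOAP messages")
    root = ET.fromstring(envelope)
    result = {"tokens": [], "signed": False, "encrypted": False}
    sec = None
    for ns in SOAP_NS:
        sec = root.find(f"{{{ns}}}Header/{{{WSSE}}}Security")
        if sec is not None:
            break
    if sec is None:
        return result  # no WS-Security header at all
    for label, tag in (("UsernameToken", f"{{{WSSE}}}UsernameToken"),
                       ("SAML 1.1", f"{{{SAML11}}}Assertion"),
                       ("SAML 2.0", f"{{{SAML20}}}Assertion")):
        if sec.find(tag) is not None:
            result["tokens"].append(label)
    for bst in sec.findall(f"{{{WSSE}}}BinarySecurityToken"):
        if bst.get("ValueType", "").startswith(X509_PREFIX):
            result["tokens"].append("X.509")
            break
    result["signed"] = sec.find(f"{{{DS}}}Signature") is not None
    result["encrypted"] = root.find(f".//{{{XENC}}}EncryptedData") is not None
    return result

# Constructed sample request: X.509 token, signature and encrypted body (all empty stubs).
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP_NS[0]}" xmlns:wsse="{WSSE}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">
 <soap:Header><wsse:Security>
  <wsse:BinarySecurityToken ValueType="{X509_PREFIX}v3">PLACEHOLDER</wsse:BinarySecurityToken>
  <ds:Signature/>
 </wsse:Security></soap:Header>
 <soap:Body><xenc:EncryptedData/></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(classify_wss(SAMPLE))
```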

TIBCO API Exchange Gateway provides the processing of northbound messages as follows:

  • Northbound Request Messages

    The Core Engine can verify the signature of the sender of the request using the trust store, and can also decrypt the request.

  • Northbound Response Messages

    The Core Engine can sign the response message using a private key to maintain integrity, and can encrypt it using the trust store and the public certificate of the receiver of the response.

TIBCO API Exchange Gateway ensures availability, integrity and confidentiality by implementing the following protocols:

  • SAML 1.1 and SAML 2.0 authentication.
  • X.509-based signature verification and public key infrastructure for non-repudiation.
  • Signing of the response using private keys issued by a CA.
  • Decryption of the request with private keys issued by a CA. TIBCO API Exchange Gateway supports a variety of encryption algorithms and modes.
  • Encryption of the response document with the consumer's public certificates.