Copyright © TIBCO Software Inc. All Rights Reserved



SOAP Message Security
TIBCO BusinessConnect SOAP Protocol supports the following security features:
Digital Signature and Encryption
In TIBCO BusinessConnect SOAP Protocol, Web Services Security (WSS) is used to sign or to encrypt the SOAP body as a whole. Individual elements of the body or any other parts, such as header elements or attachments, cannot be signed or encrypted.
For more details on how to sign and encrypt, see the Require Digital Signature and Require Content Encryption for the following operations:
UsernameToken for Authentication
As an alternative means of authentication, a WSS Username/Password Token ([WSS11-UT]) can also be used for inbound message authentication. It is not mutually exclusive with digital signature authentication.
In the current implementation, the UsernameToken password type for outbound messages is digest only. For inbound messages, either digest or plain text passwords are accepted. A plain text password is normally used together with SSL transport.
When UsernameToken is used for authentication, the wsse:UsernameToken element is in the “primary” security header along with other security entities, such as digital signature and encryption elements, if they are present.
You can set TIBCO BusinessConnect SOAP Protocol to use the UsernameToken for authentication in TIBCO Administrator by clicking BusinessConnect > Operations Editor > SOAP > Operation Type > Request/Response Action > General > Require UsernameToken Authentication.
If you select the Require UsernameToken Authentication check box on the outbound side, the user name and password must be typed in the private process.
If you select the Require UsernameToken Authentication check box on the inbound side, the inbound request and response SOAP messages are required to embed the UsernameToken element, and the user has to be defined as an external user and be associated with this trading partner from whom the message is received. You can define and configure an external user in TIBCO Administrator by clicking BusinessConnect > User Management > Users > External.
The UsernameToken for Authentication is not supported for SOAP fault messages.
For more details, see the Require UsernameToken Authentication check box for the following operations:
Sample of the UsernameToken Part

 
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>Test</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">NdiRl/Z4CnWfbFahlBFWxlt7xLM=</wsse:Password>
  <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Prvav23eGuMul/XSlGI07A==</wsse:Nonce>
  <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-01-13T03:14:56.640Z</wsu:Created>
</wsse:UsernameToken>
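
As an added example (not TIBCO's code), the Python below shows how a receiver can check a digest-type UsernameToken shaped like the sample above: it recomputes Base64(SHA-1(nonce + created + password)) as defined by the OASIS UsernameToken Profile, then rejects stale or replayed tokens. The function names, the five-minute freshness window, the in-memory nonce set and the password table are assumptions made for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = WSS + "wssecurity-secext-1.0.xsd"
WSU = WSS + "wssecurity-utility-1.0.xsd"
DIGEST = WSS + "username-token-profile-1.0#PasswordDigest"

def password_digest(nonce_b64, created, password):
    # UsernameToken Profile: Base64(SHA-1(decoded nonce + Created + password))
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def build_token(user, password, nonce_b64, created):
    # Constructed sample in the shape of the page's token, both prefixes declared
    return (f'<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
            f'<wsse:Username>{user}</wsse:Username>'
            f'<wsse:Password Type="{DIGEST}">'
            f'{password_digest(nonce_b64, created, password)}</wsse:Password>'
            f'<wsse:Nonce>{nonce_b64}</wsse:Nonce>'
            f'<wsu:Created>{created}</wsu:Created></wsse:UsernameToken>')

def verify_token(xml_text, passwords, seen, now, max_age=timedelta(minutes=5)):
    """Return the user name if the token is valid, fresh and unseen, else None."""
    # Stdlib parser keeps the example self-contained; use a hardened XML
    # parser for untrusted input in a real receiver.
    tok = ET.fromstring(xml_text)
    user = tok.findtext(f"{{{WSSE}}}Username")
    pw = tok.find(f"{{{WSSE}}}Password")
    nonce = tok.findtext(f"{{{WSSE}}}Nonce")
    created = tok.findtext(f"{{{WSU}}}Created")
    if pw is None or pw.get("Type") != DIGEST or not (user and nonce and created):
        return None  # missing field, or not a digest-type password
    try:
        age = now - datetime.fromisoformat(created.replace("Z", "+00:00"))
        expected = password_digest(nonce, created, passwords[user])
    except (ValueError, KeyError, TypeError):
        return None  # bad timestamp, bad Base64, or unknown user
    if abs(age) > max_age or (user, nonce) in seen:
        return None  # stale token or replayed nonce
    if not hmac.compare_digest(expected.encode(), (pw.text or "").encode()):
        return None  # digest does not match the stored password
    seen.add((user, nonce))  # remember only nonces from tokens that verified
    return user
```

The digest can only be recomputed if the receiver holds the password itself (or an agreed equivalent), and the nonce cache has to live at least as long as the freshness window for the replay check to hold.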

 
