Enforcing WSS Consumer
Enforce the WSS Consumer policy to ensure that the confidentiality, integrity, and time stamp of a request remain secure.
First, create and configure the policy. Next, associate the policy with a binding in your application.
Setting Up a Policy with Resources
Follow these steps to set up a new WSS Consumer policy with resources:
- In the Project Explorer, right-click the Policies folder and select .
  The Policy Wizard is displayed.
- Specify the following values in the Create New Policy Window:
  - Policy Folder: Name of the folder where the policies are located.
  - Package: Name of the package in the module where the new policy is added. Accept the default package, or browse to select a different package name.
  - Policy Name: Name of the new policy. By default, the policy name is configured to match the security policy you choose.
- Under Select the type of Policy, select WSS Consumer.
- From the Policy Defaults dropdown menu, select one of the following options:
  Note: The Policy Defaults menu offers a list of commonly used policy configurations to choose from. After you select a Policy Default, a policy with preconfigured settings and related resources is created. If resources exist in the module, the newly created policy automatically refers to them. However, if no resources exist, new resources with default settings are created and referred to by the policy. See the default description at the bottom of the Policy Wizard to view the policy configurations and new resources that might be created.
  - SAML Token with Sign SAML Assertion: Select this option to enforce SAML token-based credential mapping. A WSS Consumer policy configured for SAML token-based credential mapping and the following resources are produced in your workspace:
    - A Keystore Resource with the default file name server.jks.
    - A Keystore Provider resource with the default file name WssConsumer_IdentityStore.keystoreProviderResource.
    - A Subject Provider resource with the default file name WssConsumer_SAMLIdentityProvider.sipResource.
  - UserName Token with Fixed Credentials: Select this option to enforce fixed username token-based credential mapping. A WSS Consumer policy configured for fixed credential mapping with a username token and the following resources are produced in your workspace:
    - An Identity Provider resource, with the default file name WSSConsumer_FixedIdentityProvider.userIdResource.
    - A Password Type: You can select either the Clear Text Password or the Digest Password type. By default, the Clear Text Password option is selected.
      Note:
      - Currently, the Password Digest feature is supported on the reference side and not on the service side.
      - By default, the Password Type field is disabled until you add an Identity Provider.
  - UserName Token with Authenticated and Anonymous Credentials: Select this option to enforce conditional username token-based credential mapping. A WSS Consumer policy configured for conditional credential mapping with username tokens and the following resources are produced in your workspace:
    - An Identity Provider resource for authenticated users, with the default file name WssConsumer_AuthIdentityProvider.userIdResource.
    - An Identity Provider shared resource for anonymous users, with the default file name WssConsumer_AnonIdentityProvider.userIdResource.
    - A Password Type: You can select either the Clear Text Password or the Digest Password type. By default, the Clear Text Password option is selected.
  - UserName Token with Roles and Authenticated Credentials: Select this option to enforce conditional username token-based credential mapping. A WSS Consumer policy configured for conditional credential mapping with username tokens and the following resources are produced in your workspace:
    - Two Identity Provider resources for authenticated users with roles, with the default file names WssConsumer_RoleIdentityProvider.userIdResource and WssConsumer_RoleIdentityProvider1.userIdResource.
    - An Identity Provider resource for authenticated users with the default file name WssConsumer_AuthIdentityProvider.userIdResource.
  - Empty Policy (No Default): Select this option to create a new WSS Provider policy with no preselected options and no resources.
- Optional. Select Always create new shared resources to ensure that new resources are generated for the policy and referred to by the policy.
- Optional. Select Create module properties for common fields to override default properties in newly created resources with module properties. Resources with module properties for common fields are generated after you select this option.
- Select Finish to create the policy.
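To show what the two Password Type options place in the SOAP security header, the following added example (not TIBCO code and not part of the original documentation) builds the UsernameToken fields for each type as defined by the OASIS WSS UsernameToken Profile 1.0, then applies the freshness, nonce-replay, and digest checks a receiver of a digest token would make. The function names, the sample credentials, and the five-minute window are assumptions made for illustration.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

# Password type URIs defined by the OASIS WSS UsernameToken Profile 1.0.
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
PASSWORD_TEXT = PROFILE + "#PasswordText"
PASSWORD_DIGEST = PROFILE + "#PasswordDigest"
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Password_Digest = Base64(SHA-1(nonce + created + password))."""
    sha1 = hashlib.sha1(nonce + created.encode() + password.encode())
    return base64.b64encode(sha1.digest()).decode()

def build_token(user, password, use_digest, now=None, nonce=None):
    """Return the fields a UsernameToken carries for the chosen password type."""
    now = now or datetime.now(timezone.utc)
    if not use_digest:
        # Clear Text Password: the password itself travels in the header.
        return {"Username": user, "Type": PASSWORD_TEXT, "Password": password}
    nonce = nonce or os.urandom(16)
    created = now.strftime(TS_FORMAT)
    return {"Username": user, "Type": PASSWORD_DIGEST,
            "Password": password_digest(nonce, created, password),
            "Nonce": base64.b64encode(nonce).decode(), "Created": created}

def verify_digest_token(token, stored_password, seen_nonces, now=None,
                        max_age=timedelta(minutes=5)):
    """Receiver-side checks: freshness, nonce replay, constant-time digest compare."""
    now = now or datetime.now(timezone.utc)
    created = datetime.strptime(token["Created"], TS_FORMAT).replace(tzinfo=timezone.utc)
    if abs(now - created) > max_age:
        return "stale"
    if token["Nonce"] in seen_nonces:
        return "replayed"
    expected = password_digest(base64.b64decode(token["Nonce"]),
                               token["Created"], stored_password)
    if not hmac.compare_digest(expected, token["Password"]):
        return "bad-digest"
    seen_nonces.add(token["Nonce"])  # remember only nonces from valid tokens
    return "ok"

if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    print(build_token("svc-user", "s3cret-constructed", use_digest=False))
    digest_token = build_token("svc-user", "s3cret-constructed", use_digest=True)
    print(digest_token)
    print(verify_digest_token(digest_token, "s3cret-constructed", set()))
```

With Clear Text Password the credential is readable by anyone who can see the message, so it relies on transport or message encryption for confidentiality; the digest form binds the password to a nonce and a creation time instead.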
Configuring Resources and the Policy
For more information on resource configurations, see the following topics under Shared Resources in the TIBCO BusinessWorks™ Container Edition Bindings and Palettes Reference guide:
- Identity Provider
- Keystore Provider
- Subject Provider
For more information on policy configuration, see "WSS Consumer" in the Policy Resources section of the TIBCO BusinessWorks Container Edition Bindings and Palettes Reference guide.
Associating the Policy with a Binding
You can associate the WSS Consumer policy with the following bindings:
- SOAP-HTTP Reference Binding
- SOAP-JMS Reference Binding
For more information about how to enforce a policy on a binding in your application, see Associating Policies.