WSS Consumer
Configure the WSS Consumer policy to enforce confidentiality, integrity, timestamping, and credential mapping.
General
The General section has the following fields.
Field | Description |
---|---|
Package | The name to be displayed as the label of the policy resource package. |
Name | The name of the policy resource. |
Description | A description of the policy resource. |
Shared Resource for WSS Processing
The Shared Resource for WSS Processing section has the following fields.
Field | Description |
---|---|
WSS Verification | The WSS Verification shared resource that the WSS Consumer policy references. |
Service Provider Details
The Service Provider Details section comprises the Confidentiality tab, the Integrity tab, the Timestamp tab, and the Credential Mapping tab.
Confidentiality
To maintain confidentiality, the policy can be configured to encrypt the outbound request and to decrypt the inbound response at its endpoint. The Confidentiality tab has the following fields:
Field | Description |
---|---|
Encrypt Request | Specify the following fields: |
Decrypt Response | To decrypt the response, provide the Subject Provider or the Subject Provider (with Trust Credential) value in the WSS Authentication policy resource, and select the Enable Decryption checkbox in the Basic Configuration section of the WSS Authentication policy resource. |
Integrity
To maintain integrity, the outbound request can be signed and the signature verified in the inbound response. The Integrity tab has the following fields:
Field | Description |
---|---|
Sign Request | Specify the following fields: |
Verify Signature on Response | Select the checkbox to enable the Verify parts that are Signed field. Select from the following options from the drop-down menu: |
Timestamp
Under the Timestamp tab, configure the following fields to insert a timestamp in an outbound request and verify a timestamp in the inbound response.
Field | Description |
---|---|
Set Timestamp on Request | Specify time-to-live in seconds. |
Verify Timestamp on Response | No additional configuration required. |
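
The following Python example, added here and not taken from the product, shows what a time-to-live on the request and a timestamp check on the response amount to at the WS-Security level: a `wsu:Timestamp` element with `Created` and `Expires`, checked against the receiver's clock. The function names, the second-precision UTC time format, and the 60-second clock-skew allowance are assumptions of this example.

```python
# Added illustration of WS-Security timestamp handling; not the product's code.
# Function names, FMT and the default skew are assumptions of this example.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
FMT = "%Y-%m-%dT%H:%M:%SZ"  # UTC, second precision (simplification)

def build_timestamp(now, ttl_seconds):
    """Return a wsu:Timestamp element valid for ttl_seconds from now (UTC)."""
    ts = ET.Element(f"{{{WSU}}}Timestamp")
    ET.SubElement(ts, f"{{{WSU}}}Created").text = now.strftime(FMT)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = (now + timedelta(seconds=ttl_seconds)).strftime(FMT)
    return ts

def verify_timestamp(envelope_xml, now, skew_seconds=60):
    """Return (ok, reason) for the timestamp in a SOAP envelope's Security header."""
    root = ET.fromstring(envelope_xml)
    found = root.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSU}}}Timestamp")
    if len(found) != 1:
        return False, "expected exactly one Timestamp"
    created = found[0].findtext(f"{{{WSU}}}Created")
    expires = found[0].findtext(f"{{{WSU}}}Expires")
    if created is None or expires is None:
        return False, "Created or Expires missing"
    try:
        created_at = datetime.strptime(created.strip(), FMT).replace(tzinfo=timezone.utc)
        expires_at = datetime.strptime(expires.strip(), FMT).replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "unparseable time value"
    skew = timedelta(seconds=skew_seconds)
    if created_at > now + skew:
        return False, "Created is in the future"
    if expires_at <= created_at:
        return False, "Expires is not after Created"
    if now > expires_at + skew:
        return False, "message expired"
    return True, "fresh"

def make_envelope(now, ttl_seconds):
    """Constructed sample: a minimal SOAP envelope carrying only a timestamp."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    sec = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    sec.append(build_timestamp(now, ttl_seconds))
    ET.SubElement(env, f"{{{SOAP}}}Body")
    return ET.tostring(env, encoding="unicode")
```

A freshness check limits replay only when the Timestamp element is among the signed parts of the message, because an unsigned timestamp can be rewritten in transit. Parse SOAP from untrusted peers with a hardened XML parser.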
Credential Mapping
Under the Credential Mapping tab, select either Username Token credential mapping or SAML Token credential mapping to map credentials to the outbound request.
Field | Description |
---|---|
No Credentials | Select this option to ensure credential mapping is not enforced. |
Username Token based Credential Mapping | Select Fixed or Conditional. For configuration details, see Basic Credential Mapping. |
SAML Token based Credential Mapping | Configure the following fields: |