WSS Provider

The WSS Provider policy acts on the server side to ensure that the confidentiality, integrity, and timestamp of a request remain secure.

General

The General section has the following fields.

Field Description
Package: The name to be displayed as the label of the policy resource package.
Name: The name of the policy resource.
Description: A short description of the policy resource.

Shared Resource for WSS Processing

The Shared Resource for WSS Processing section has the following fields.

Field Description
WSS Authentication: The WSS Authentication shared resource that the WSS Provider policy references.

Service Provider Details

The Service Provider Details section comprises the Authentication tab, the Confidentiality tab, the Integrity tab, and the Timestamp tab.

Authentication

The Authentication tab has the following fields that you can enable to enforce authentication on a request message.

Field Description
No Verification: Select this option to ensure that credentials are not authenticated through a user name token or a SAML token.
Verify username token: Select this option to authenticate user credentials through a user name token. If you select this option, ensure that you have configured the User Authentication tab on the WSS Authentication shared resource.
Verify SAML token: Select this option to authenticate user credentials through a SAML token.

Select one of the following confirmation methods:

  1. Bearer
  2. Holder of Key
  3. Sender Vouches

Select one of the following security token types:

  1. SAML 1.1 Token 1.1
  2. SAML 2.0 Token 1.1

Specify Issuer Name

Confidentiality

An inbound request can be decrypted and an outbound response can be encrypted to maintain confidentiality. The Confidentiality tab has the following fields:

Field Description
Decrypt Request: To decrypt the request, provide the Subject Provider or the Subject Provider (with Trust Credential) value in the WSS Authentication policy resource, and select the Enable Decryption check box in the Basic Configuration section of the WSS Authentication policy resource.
Encrypt Response: Specify the following fields:
  1. Trust Provider: Select a Trust Provider shared resource.
  2. Key Alias: Specify a Key Alias.
  3. Algorithm Suite: Specifies the algorithm suite used for cryptographic operations with symmetric or asymmetric key-based security tokens. An algorithm suite specifies the actual algorithms and the allowed key lengths. The default selection is Basic128. Select one of the following algorithm suites from the drop-down menu:
    • Basic128
    • TripleDes
    • Basic256Rsa15
    • Basic192Rsa15
    • Basic128Rsa15
    • TripleDesRsa15
    • Basic256Sha256
    • Basic192Sha256
    • Basic128Sha256
    • TripleDesSha256
    • Basic256Sha256Rsa15
    • Basic192Sha256Rsa15
    • Basic128Sha256Rsa15
    • TripleDesSha256Rsa15
  4. Encryption Algorithm: Select one of the following encryption algorithms from the drop-down menu:
    • AES_128
    • AES_192
    • AES_256
    • AES_128_GCM
    • AES_192_GCM
    • AES_256_GCM
    • TRIPLE_DES
  5. Encrypt: Specify to Encrypt Parts or to Encrypt Elements of the message.
    1. Encrypt Parts: Select this option to encrypt the Body, Header, or both parts of the message.
    2. Encrypt Elements: Select this option to encrypt elements in the response message. When specifying the Element, ensure you also specify the Namespace of the element, and Prefix of the element if it has one.

Integrity

Maintain integrity by verifying the signature on an inbound request and signing an outbound response. The Integrity tab has the following fields:

Field Description
Verify Signature on Request: Select one of the following options from the Verify parts that are signed drop-down menu:

  1. Entire message
  2. Message header
  3. Message body
Sign Response: Specify the following fields:
  1. Subject Provider: Select a Subject Provider shared resource.
  2. Algorithm Suite: Specifies the algorithm suite used for cryptographic operations with symmetric or asymmetric key-based security tokens. An algorithm suite specifies the actual algorithms and the allowed key lengths. The default type is Basic128. Select one of the following algorithm suites from the drop-down menu:
    • Basic128
    • TripleDes
    • Basic256Rsa15
    • Basic192Rsa15
    • Basic128Rsa15
    • TripleDesRsa15
    • Basic256Sha256
    • Basic192Sha256
    • Basic128Sha256
    • TripleDesSha256
    • Basic256Sha256Rsa15
    • Basic192Sha256Rsa15
    • Basic128Sha256Rsa15
    • TripleDesSha256Rsa15
  3. Digest Algorithm for Signature: The digest algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. The default type is SHA-256. Select one of the following options from the drop-down menu:
    • SHA1
    • SHA256
    • SHA384
    • SHA512
  4. Sign: Specify to Sign Parts or to Sign Elements of the message.
    1. Sign Parts: Select this option to sign the Body, Header, or both parts of the message.
    2. Sign Elements: Select this option to sign elements in the response message. When specifying the Element, ensure you also specify the Namespace of the element, and Prefix of the element if it has one.
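The Verify parts that are signed option above decides which SOAP parts a request's signature must cover; a signature that only references some other element (for example the Timestamp) should not be accepted as covering the Body. The following is an added Python example, not code from this page or the product, that parses a constructed request and reports which parts required by each option are not referenced from ds:SignedInfo. It checks coverage only and assumes the signature itself has already been cryptographically verified.

```python
import xml.etree.ElementTree as ET

# Namespaces of a WS-Security SOAP 1.1 envelope.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# The page's "Verify parts that are signed" options, mapped to the SOAP parts each one requires.
REQUIRED_PARTS = {"Entire message": ["Header", "Body"], "Message header": ["Header"], "Message body": ["Body"]}

# Constructed sample request: the ds:Signature references only the Timestamp,
# so the Body carries a wsu:Id but is not covered by the signature.
SAMPLE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">
  <soap:Header>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="TS-1"><wsu:Created>2024-01-01T00:00:00Z</wsu:Created><wsu:Expires>2024-01-01T00:05:00Z</wsu:Expires></wsu:Timestamp>
      <ds:Signature><ds:SignedInfo><ds:Reference URI="#TS-1"/></ds:SignedInfo></ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Body-1"><getBalance xmlns="urn:example"/></soap:Body>
</soap:Envelope>""".format(**NS)

def signed_ids(root):
    """Collect the wsu:Id values that the ds:Reference elements claim to cover."""
    ids = set()
    for ref in root.iterfind(".//ds:Signature/ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        if uri.startswith("#"):
            ids.add(uri[1:])
    return ids

def unsigned_required_parts(xml_text, option):
    """Return the parts required by `option` that the signature does not cover."""
    # A part is uncovered when it has no wsu:Id or its Id is not referenced from SignedInfo.
    root = ET.fromstring(xml_text)
    covered = signed_ids(root)
    missing = []
    for part in REQUIRED_PARTS[option]:
        el = root.find("soap:%s" % part, NS)
        if el is None or el.get(WSU_ID) not in covered:
            missing.append(part)
    return missing
```

An empty list means the selected option's coverage requirement is met; anything else should be rejected before the message is processed.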

Timestamp

To track the time of the request, a timestamp is inserted into the request. The Timestamp tab has the following fields:

Field Description
Verify Timestamp on Request: No additional configuration is required.
Set Timestamp on Response: Specify the time-to-live in seconds.
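The two Timestamp fields above correspond to validating the wsu:Created/wsu:Expires pair on a request and stamping a response with a time-to-live. The following is an added Python example, not the product's own code, that does both; the 300-second maximum validity window and the 60-second clock-skew tolerance are assumed values chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_utc(value):
    """Parse a wsu:Created/wsu:Expires xsd:dateTime value (UTC 'Z', optional fraction)."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value).astimezone(timezone.utc)

def make_timestamp(ttl_seconds, now=None):
    """Set Timestamp on Response: build the Created/Expires pair from a time-to-live."""
    now = (now or datetime.now(timezone.utc)).replace(microsecond=0)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return {"Created": now.strftime(fmt),
            "Expires": (now + timedelta(seconds=ttl_seconds)).strftime(fmt)}

def check_timestamp(created, expires, now, max_window_seconds=300, skew_seconds=60):
    """Verify Timestamp on Request: return "ok" or the reason for rejecting the request.

    skew_seconds is the tolerated clock drift between client and server (assumed value);
    max_window_seconds caps how long one timestamp stays valid (assumed value), since an
    over-long window leaves a captured message replayable for longer.
    """
    c, e = parse_utc(created), parse_utc(expires)
    skew = timedelta(seconds=skew_seconds)
    if e <= c:
        return "expires-not-after-created"
    if c > now + skew:            # Created lies in the future beyond tolerated drift
        return "created-in-future"
    if now > e + skew:            # past Expires even after tolerated drift
        return "expired"
    if e - c > timedelta(seconds=max_window_seconds):
        return "window-too-long"
    return "ok"
```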