Secure Web Service Operations
The TIBCO iProcess® Web Services Server Plug-in supports inflow and outflow security with Secure Socket Layer (SSL) encryption and various SOAP security features.
Security Profiles
You can create "security profiles" that contain settings for SOAP security so that the settings can be reused for different web services steps at design time. The security profile can also be associated with a URL alias so that at design time, when you select the URL alias, the associated security profile is displayed as well. For more information about the Security Profile Manager, see the TIBCO iProcess Web Services Client Plug-in User’s Guide.
Inbound Web Services
Inbound web services refer to web services provided by the iProcess® Engine (for example, doCaseStart). When defining a security profile for inbound web services, the parameters are defined from the perspective of the web service provider (the TIBCO iProcess® Web Services Server Plug-in). Therefore, "inflow" security applies to the request from the external web service to the iProcess® Engine, and "outflow" security applies to the response from the TIBCO iProcess® Web Services Server Plug-in.
Outbound Web Services
Outbound web services are called by the iProcess® Engine. When defining a security profile for outbound web services, the parameters are defined from the perspective of the web service invoker (the TIBCO iProcess® Web Services Server Plug-in). Therefore, "outflow" security applies to the request from the iProcess® Engine to the external web service, and "inflow" security applies to the response from the external web service:
Installation Options
If you are planning to use Secure Socket Layer (SSL) encryption or SOAP security features that utilize certificates (for example, digital signatures or encryption), you must create a keystore. You will be prompted for the location and password of the keystore during the installation. For more information see Review your Web Services Security Requirements.
Inbound Security and Deployment
Inbound web services (iProcess Web Services located on your server) are implemented by an Axis2 service. The service is deployed to Axis2 in the form of an .aar archive file.
If you modify the inbound security profile after the plug-in has been installed (using the Security Profile Manager), you need to restart Jetty for the changes to take effect.
Note | In a High Availability Environment, you must restart Jetty on each node (see Inbound Security). |