WSS Consumer

This policy facilitates processing of the WS-Security header from the response message.

WSS Consumer acts on the Reference side to ensure that the confidentiality, integrity, and timestamp of a request remain secure. To maintain confidentiality, a response is decrypted at its endpoint. To maintain integrity, the response is verified for a valid signature. To track the time of the response, a timestamp is inserted in the response.

This policy is applicable to the following endpoints:
  • AMX Reference Binding Instance (SOAP, SOAP/HTTP, SOAP/JMS)
  • BW ReferenceEndpoint (SOAP, SOAP/HTTP, SOAP/JMS)
Select the checkboxes for the required features.
Property | Description
WSS Processor | The provider for the WSS authentication service. This option is required if you intend to select Authentication, Confidentiality, or Integrity.
Confidentiality | Decrypt responses and encrypt requests.
Integrity | Verify that requests have signatures and that responses are signed.
Timestamp | Verify timestamp on responses. Set timestamps on requests.
Credential Mapping | Use supported identity token profiles to insert identity token into outgoing requests. Select one from the following options:
  1. Username Token Credential Mapping using Identity Provider.
  2. SAML Token based Credential Mapping
Property | Description
Resource Template for WSS Processing | Specify a Resource Template for WSS Processing. Select this option only if you do not want the governance control to process response messages.
Confidentiality | Select Encrypt Request and/or Decrypt Response.
Select one of the following:
  1. Use client certificate for encryption
  2. Use a resource template for encryption
Use client certificate for encryption | Select which of the following should be encrypted:
  1. Encrypt parts: Body and/or Header
  2. Encrypt Elements: Add elements to be encrypted.
Use a resource template for encryption |
  1. From the drop-down box, select a Resource template for encryption.
  2. Specify a Key Alias.
Integrity | Select Sign Request and/or Verify parts that are signed.
Sign Request | Select a Resource template for signing.
Select which of the following should be signed:
  1. Sign Parts: Body and/or Header
  2. Sign Elements: Add elements to be signed.
Verify parts that are signed | Select from the following options:
  1. At least some parts or elements in the message that should be signed
  2. Entire message should be signed
  3. Message header should be signed
  4. Message body should be signed
Timestamp | Select from the following:
  1. Set timestamp on request. Specify time-to-live in seconds.
  2. Verify timestamp on response.
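The "Verify parts that are signed" options come down to which message parts the signature's references actually cover. The following is an added example, not TIBCO code: a Python coverage check over a constructed SOAP response. The function name `signed_coverage`, the mapping of each option to a check, and the sample message are assumptions; digests and the signature value are not validated here.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU_ID = f"{{{WSU}}}Id"
REF_PATH = (f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{DS}}}Signature/"
            f"{{{DS}}}SignedInfo/{{{DS}}}Reference")

def signed_coverage(envelope_xml):
    """Report which parts the ds:Reference entries cover (hypothetical helper).
    Coverage only: digest and signature values are NOT validated."""
    env = ET.fromstring(envelope_xml)  # use a hardened parser for untrusted input
    ids = [e.get(WSU_ID) for e in env.iter() if e.get(WSU_ID)]
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate wsu:Id: signed references are ambiguous")
    # Only same-document references inside the Security header's SignedInfo count.
    refs = {r.get("URI", "")[1:] for r in env.findall(REF_PATH)
            if r.get("URI", "").startswith("#")}
    header = env.find(f"{{{SOAP}}}Header")
    body = env.find(f"{{{SOAP}}}Body")
    # Application header blocks: everything in soap:Header except wsse:Security.
    blocks = [h for h in (header if header is not None else [])
              if h.tag != f"{{{WSSE}}}Security"]
    body_ok = body is not None and body.get(WSU_ID) in refs
    header_ok = bool(blocks) and all(b.get(WSU_ID) in refs for b in blocks)
    return {"some_parts": bool(refs & set(ids)), "header": header_ok,
            "body": body_ok, "entire_message": header_ok and body_ok}

# Constructed sample response: the Body is referenced, the Routing header is not.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <soap:Header>
    <wsse:Security>
      <ds:Signature><ds:SignedInfo>
        <ds:Reference URI="#body-1"/>
      </ds:SignedInfo></ds:Signature>
    </wsse:Security>
    <app:Routing xmlns:app="urn:example:constructed">queue-a</app:Routing>
  </soap:Header>
  <soap:Body wsu:Id="body-1"><app:Result xmlns:app="urn:example:constructed">ok</app:Result></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(signed_coverage(SAMPLE))
```

With the sample, a policy set to "Message body should be signed" would pass, while "Entire message should be signed" would not, because the Routing header block is outside the signature.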
Property | Description
SAML Token based Credential Mapping |
  1. From the drop-down list, select a SAML token profile.
  2. If you select Sign SAML Assertion, specify the shared resource for signing SAML.
  3. Enter the SAML issuer name.
  4. Select SAML Assertion Validity.