WSS Provider

The WSS Provider policy acts on the server side to ensure that the confidentiality, integrity, and timestamp of a request remain secure.

To maintain confidentiality, a request is encrypted at its endpoint. To maintain integrity, the request is verified for a valid signature. To track the time of the request, a timestamp is inserted in the request.

This policy is applicable to the following endpoints:
  • AMX Service Binding Instance (SOAP, SOAP/HTTP, SOAP/JMS)
  • BW ServiceEndpoint (SOAP, SOAP/HTTP, SOAP/JMS)
Property: Description
WSS Processor: The provider for the WSS authentication service.
Authentication: The identity token profiles processed by this policy.
Confidentiality: Decrypt requests and encrypt responses.
Integrity: Verify that requests have signatures and that responses are signed.
Timestamp: Verify timestamp on requests. Set timestamps on responses.

Property: Description
Resource Template for WSS Processing: Specify a Resource Template for WSS Processing. Select this option only if you do not want the governance control to process request messages. This option is required if you intend to select Authentication, Confidentiality, or Integrity.
Authentication: Authentication can be done in the following ways:
  1. Verify user name token
  2. Verify SAML token
  3. Verify Kerberos token
Verify SAML token: Select one of the following confirmation methods:
  1. Sender Vouches
  2. Holder of Key
  3. Bearer
Select one of the following security token types:
  1. SAML 1.1 Token 1.1
  2. SAML 2.0 Token 1.1

Specify Issuer Name.

Verify Kerberos token: Specify Service Name.
Confidentiality: Select Decrypt Request and/or Encrypt Response.
Select one of the following:
  1. Use client certificate for encryption
  2. Use a resource template for encryption
Use client certificate for encryption: Select which of the following should be encrypted:
  1. Encrypt parts: Body and/or Header
  2. Encrypt Elements: Add elements to be encrypted.
Use a resource template for encryption:
  1. From the drop-down box, select a Resource template for encryption.
  2. Specify a Key Alias.
Integrity: Select Verify signature on request and/or Sign Response.
Sign Response:

Select a Resource template for signing.

Select which of the following should be signed:

  1. Sign Parts: Body and/or Header
  2. Sign Elements: Add elements to be signed.
Verify signature on request: From the Verify parts that are signed drop-down, select one of the following options:
  1. At least some parts or elements in the message that should be signed
  2. Entire message should be signed
  3. Message header should be signed
  4. Message body should be signed
Timestamp: Select from the following:
  1. Set timestamp on response. Specify time-to-live in seconds.
  2. Verify timestamp on request.