Setting up the consumer binding

Here we specify the certificates and keys used to implement the policy defined in the associated policy set. The consumer and provider must agree on the order in which the operations are applied. In this sample, we sign first and then encrypt. Encrypting followed by signing is more efficient, but less secure.

To set up the binding for the consumer flow, use the WebSphere Message Broker Explorer to complete the following steps:

  1. Right-click the client broker (MB8BROKER), select Properties > Security, and click Policy Sets.
  2. Select Policy Set Bindings in the left menu, and click Add. This action creates a new entry with a default name. To rename the new entry, select the new policy set binding, enter the new name in the "Use the field below to rename the Policy Set binding" field, and click the Rename button.
  3. In the Associated Policy Set field, select the policy set that you created in Creating the policy.
  4. Select Consumer (SOAPRequest, SOAPAsyncRequest, and SOAPAsyncResponse nodes).
  5. Expand Consumer Binding, expand WS-Security, and select Message Part Policy. The entries are partially completed based on the security policy. If the entries are not partially completed, ensure that you have associated the binding with the policy that you created in the Creating the policy section.
  6. For each encryption policy, ensure that each of the entries in the Message Part encryption policies table is configured as shown in the following table.

    | Encryption Protection | Timestamp | Nonce | Encryption | Token | Token Type | Order |
    |---|---|---|---|---|---|---|
    | response:app_encparts_response | Use the default value | Use the default value | Data | initToken | Use the default value | Use the default value |
    | request:app_encparts_request | Use the default value | Use the default value | Data | recipToken | Use the default value | 2 |

  7. In the Message Part signature policies table, ensure that each of the entries is configured as shown in the following table. Order is dependent on whether you want the messages to be encrypted first, or signed first.

    | Signature Protection | Token | Token Type | Order |
    |---|---|---|---|
    | response:app_signparts_response | recipToken | N/A | N/A |
    | request:app_signparts_request | initToken | STRREF | 1 |

  8. Expand Message Part Policy and select Key Information. Complete the Key Information table with the values as shown in the following table.

    | Token | Key Name | Key Alias | Trust |
    |---|---|---|---|
    | recipToken | CN=server, O=Web Services Guided Tour, C=GB | servercert | TrustStore |
    | initToken | CN=client, O=Web Services Guided Tour, C=GB | clientcert | N/A |

  9. Click Finish to save your binding.

You have set up the security binding for your consumer flow.
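
The binding only works if the aliases in the Key Information table resolve to the right entries, so the following added example (not part of the original sample) checks `keytool -list -v` output against that table. It assumes the broker's key store and trust store can be listed with `keytool`; the expected entry types and the function names are assumptions of this example, and the listing is constructed.

```python
import re

# Alias -> (owner DN, entry type). DNs and aliases are from the Key Information table; entry types
# are assumptions (signing needs the client's private key, encrypting only the provider's cert).
EXPECTED = {
    "clientcert": ("CN=client, O=Web Services Guided Tour, C=GB", "PrivateKeyEntry"),
    "servercert": ("CN=server, O=Web Services Guided Tour, C=GB", "trustedCertEntry"),
}
FIELD = re.compile(r"\s*(Alias name|Entry type|Owner):\s*(.*\S)")

def parse_listing(text):
    """Map alias -> {field: value} from `keytool -list -v` output."""
    entries, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        field, value = m.groups() if m else (None, None)
        if field == "Alias name":
            current = entries.setdefault(value.lower(), {})
        elif field and current is not None:
            current.setdefault(field, value)  # keep first Owner: the entry's own cert
    return entries

def norm(dn):
    return [part.strip().lower() for part in dn.split(",")]

def check_binding_keys(text, expected=EXPECTED):
    """Return a list of problems; an empty list means the stores match."""
    entries, problems = parse_listing(text), []
    for alias, (dn, entry_type) in expected.items():
        entry = entries.get(alias)
        if entry is None:
            problems.append(f"{alias}: alias not found")
            continue
        if norm(entry.get("Owner", "")) != norm(dn):
            problems.append(f"{alias}: unexpected owner {entry.get('Owner')!r}")
        if entry.get("Entry type") != entry_type:
            problems.append(f"{alias}: entry type {entry.get('Entry type')!r}, want {entry_type}")
    return problems

# Constructed sample: key store and trust store listings concatenated.
SAMPLE = """Alias name: clientcert
Entry type: PrivateKeyEntry
Owner: CN=client, O=Web Services Guided Tour, C=GB
Alias name: servercert
Entry type: trustedCertEntry
Owner: CN=server, O=Web Services Guided Tour, C=GB
"""
print(check_binding_keys(SAMPLE) or "key and trust store entries match the binding")
```

A `clientcert` entry that shows up only as `trustedCertEntry` means the consumer holds the certificate but not the private key, so it cannot sign the request with initToken.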
