Setting up the provider binding

Here we specify the certificates and keys used to implement the policy defined in the associated policy set. Both the consumer and the provider must agree on the order in which the operations are applied. In this sample, we sign first and then encrypt. Encrypting followed by signing is more efficient, but less secure.

To set up your provider binding, use the WebSphere Message Broker Explorer to complete the following steps:

  1. Right-click the server broker (broker), select Properties > Security, and click the Policy Sets button.
  2. Select Policy Set Bindings in the left menu and click the Add button. This action creates a new entry with a default name. To rename your policy set binding, select it, enter the new name in the "Use the field below to rename the Policy Set binding" field, and click the Rename button.
  3. In the Associated Policy Set field, select the policy set that you created in the "Creating the policy" section.
  4. Select Provider (SOAPInput and SOAPReply nodes).
  5. Expand Provider Binding, expand WS-Security, and select Message Part Policy. The entries are partially completed based on the security policy; if the entries are not partially completed, ensure that you have associated the binding with the policy that you created in the "Creating the policy" section.
  6. For each encryption policy, ensure that each of the entries in the Message Part encryption policies table is configured as shown in the following table.

    | Encryption | Timestamp | Nonce | Encryption | Token | Token Type | Order |
    |---|---|---|---|---|---|---|
    | response:app_encparts_response | Use the default value | Use the default value | Data | initToken | Use the default value | 2 |
    | request:app_encparts_request | Use the default value | Use the default value | Data | recipToken | Use the default value | Use the default value |

  7. In the Message Part signature policies table, ensure that each of the entries is configured as shown in the following table. The Order value depends on whether you want the messages to be encrypted first or signed first.

    | Signature Protection | Token | Token Type | Order |
    |---|---|---|---|
    | response:app_signparts_response | recipToken | STRREF | 1 |
    | request:app_signparts_request | initToken | N/A | N/A |

  8. Expand Message Part Policy and select Key Information. Complete the Key Information table with the values shown in the following table.

    | Token | Key Name | Key Alias | Trust |
    |---|---|---|---|
    | recipToken | CN=server, O=Web Services Guided Tour, C=GB | servercert | N/A |
    | initToken | CN=client, O=Web Services Guided Tour, C=GB | clientcert | TrustStore |

  9. Click Finish to save your binding.

You have set up the provider binding.
