Setting up the consumer binding
Here we specify the certificates and keys used to implement the policy defined in the associated policy set. Both the consumer and provider must agree on the order in which the operations are applied. In this sample, we sign first and then encrypt. Encrypting followed by signing is more efficient, but less secure.
To set up the binding for the consumer flow, use the WebSphere Message Broker Explorer to complete the following steps:
- Right-click the client broker (MB8BROKER), select Properties > Security, and click Policy Sets.
- Select Policy Set Bindings in the left menu, and click Add. This action creates a new entry with a default name. To rename this new entry, select the new policy set binding, enter the new name in the "Use the field below to rename the Policy Set binding" field, and click the Rename button.
- In the Associated Policy Set field, select the policy set that you created in Creating the policy.
- Select Consumer (SOAPRequest, SOAPAsyncRequest, and SOAPAsyncResponse nodes).
- Expand Consumer Binding, expand WS-Security, and select Message Part Policy. The entries are partially completed based on the security policy. If the entries are not partially completed, ensure that you have associated the binding with the policy that you created in the Creating the policy section.
- For each encryption policy, ensure that each of the entries in the Message Part encryption policies table is configured as shown in the following table.

  | Encryption Protection | Timestamp | Nonce | Encryption | Token | Token Type | Order |
  |---|---|---|---|---|---|---|
  | response:app_encparts_response | Use the default value | Use the default value | Data | initToken | Use the default value | Use the default value |
  | request:app_encparts_request | Use the default value | Use the default value | Data | recipToken | Use the default value | 2 |

- In the Message Part signature policies table, ensure that each of the entries is configured as shown in the following table. Order is dependent on whether you want the messages to be encrypted first, or signed first.

  | Signature Protection | Token | Token Type | Order |
  |---|---|---|---|
  | response:app_signparts_response | recipToken | N/A | N/A |
  | request:app_signparts_request | initToken | STRREF | 1 |

- Expand Message Part Policy and select Key Information. Complete the Key Information table with the values as shown in the following table.

  | Token | Key Name | Key Alias | Trust |
  |---|---|---|---|
  | recipToken | CN=server, O=Web Services Guided Tour, C=GB | servercert | TrustStore |
  | initToken | CN=client, O=Web Services Guided Tour, C=GB | clientcert | N/A |

- Click Finish to save your binding.
You have set up the security binding for your consumer flow.
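The three tables above can be cross-checked before the values are typed into the Explorer. The following is an added example, not part of the original sample or of any broker tooling: it encodes the values from this page in a hypothetical dict layout (the layout and function names are assumptions) and confirms that every token has key information and that the request is signed (Order 1) before it is encrypted (Order 2).

```python
# Added example: cross-check of the consumer binding tables (values from this page).
# The dict layout and function names are assumptions, not a broker export format.

ENCRYPTION = {  # Message Part encryption policies: part -> (token, order)
    "response:app_encparts_response": ("initToken", None),   # default order
    "request:app_encparts_request": ("recipToken", 2),
}
SIGNATURE = {  # Message Part signature policies: part -> (token, order)
    "response:app_signparts_response": ("recipToken", None),  # N/A
    "request:app_signparts_request": ("initToken", 1),
}
KEY_INFO = {  # Key Information: token -> (key name, key alias)
    "recipToken": ("CN=server, O=Web Services Guided Tour, C=GB", "servercert"),
    "initToken": ("CN=client, O=Web Services Guided Tour, C=GB", "clientcert"),
}

def request_order(encryption, signature):
    """Return the operations applied to the request, sorted by Order."""
    steps = []
    for op, table in (("sign", signature), ("encrypt", encryption)):
        for part, (_token, order) in table.items():
            if part.startswith("request:") and order is not None:
                steps.append((order, op))
    return [op for _order, op in sorted(steps)]

def check_binding(encryption, signature, key_info, expected=("sign", "encrypt")):
    """Return a list of problems; an empty list means the tables are consistent."""
    problems = []
    for table in (encryption, signature):
        for part, (token, _order) in table.items():
            name, alias = key_info.get(token, ("", ""))
            if not name or not alias:
                problems.append(f"{part}: no key name/alias for {token}")
    orders = [o for t in (encryption, signature)
              for p, (_tok, o) in t.items() if p.startswith("request:") and o is not None]
    if len(orders) != len(set(orders)):
        problems.append("request: duplicate Order values")
    actual = request_order(encryption, signature)
    if tuple(actual) != tuple(expected):
        problems.append(f"request: order is {actual}, expected {list(expected)}")
    return problems

if __name__ == "__main__":
    print(check_binding(ENCRYPTION, SIGNATURE, KEY_INFO) or "binding tables are consistent")
```

Run the same check against the provider side's values with the same `expected` order, since both ends must apply the operations in the same sequence.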