Setting up the provider binding
Here we specify the certificates and keys used to implement the policy defined in the associated policy set. The consumer and the provider must agree on the order in which the operations are applied. In this sample, we sign first and then encrypt. Encrypting followed by signing is more efficient, but less secure.
To set up your provider binding, use the WebSphere Message Broker Explorer to complete the following steps:
- Right-click the server broker (broker), select Properties > Security, and
click the Policy Sets button.
- Select Policy Set Bindings in the left menu, and
click the Add button. This action creates a new entry with a default name.
To rename your policy set binding, select it,
enter the new name in the
"Use the field below to rename the Policy Set binding" field, and
click the Rename button.
- In the Associated Policy Set field, select the policy set that you
created in the "Creating the policy" section.
- Select Provider (SOAPInput and SOAPReply nodes).
- Expand Provider Binding, expand WS-Security, and select Message Part Policy.
The entries are partially completed based on the security policy; if the entries are not partially
completed, ensure that you have associated the binding with the policy that you created in
the "Creating the policy" section.
- For each encryption policy ensure that each of the entries in the
Message Part encryption policies
table is configured as shown in the following table.
| Encryption | Timestamp | Nonce | Encryption | Token | Token Type | Order |
| --- | --- | --- | --- | --- | --- | --- |
| response:app_encparts_response | Use the default value | Use the default value | Data | initToken | Use the default value | 2 |
| request:app_encparts_request | Use the default value | Use the default value | Data | recipToken | Use the default value | Use the default value |
- In the Message Part signature policies table,
ensure that each of the entries is configured as shown in the following table.
Order is dependent on whether you want
the messages to be encrypted first, or signed first.
| Signature Protection | Token | Token Type | Order |
| --- | --- | --- | --- |
| response:app_signparts_response | recipToken | STRREF | 1 |
| request:app_signparts_request | initToken | N/A | N/A |
- Expand Message Part Policy and select Key Information.
Complete the Key Information table
with the values shown in the following table.
| Token | Key Name | Key Alias | Trust |
| --- | --- | --- | --- |
| recipToken | CN=server, O=Web Services Guided Tour, C=GB | servercert | N/A |
| initToken | CN=client, O=Web Services Guided Tour, C=GB | clientcert | TrustStore |
- Click Finish to save your binding.
You have set up the provider binding.
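The following Python check is an added example, not part of the original sample or of WebSphere Message Broker: it encodes the token roles and the sign-then-encrypt order from the tables above and reports any entry that deviates. The dictionary layout and the function name check_provider_binding are hypothetical; the values are copied from this page, with "N/A" and "Use the default value" recorded as None.

```python
# Added example: lint a provider binding against the values used in this sample.
# The dict layout is hypothetical; the values come from the tables on this page.
PAGE_BINDING = {
    "encryption": {
        "response": {"token": "initToken", "order": 2},
        "request": {"token": "recipToken", "order": None},
    },
    "signature": {
        "response": {"token": "recipToken", "order": 1},
        "request": {"token": "initToken", "order": None},
    },
    "keys": {
        "recipToken": {"alias": "servercert", "trust": None},
        "initToken": {"alias": "clientcert", "trust": "TrustStore"},
    },
}

# Provider side of an asymmetric binding: the provider uses its own key pair
# (recipToken) to sign responses and decrypt requests, and the consumer's
# certificate (initToken) to encrypt responses and verify request signatures.
EXPECTED_TOKEN = {
    ("signature", "response"): "recipToken",
    ("signature", "request"): "initToken",
    ("encryption", "response"): "initToken",
    ("encryption", "request"): "recipToken",
}


def check_provider_binding(binding):
    """Return a list of findings; an empty list means the binding matches."""
    findings = []
    for (operation, direction), want in EXPECTED_TOKEN.items():
        got = binding[operation][direction]["token"]
        if got != want:
            findings.append(f"{operation}/{direction}: token {got}, expected {want}")
    # This sample signs first and then encrypts, so the signature order
    # on the response must be lower than the encryption order.
    sign = binding["signature"]["response"]["order"]
    enc = binding["encryption"]["response"]["order"]
    if sign is None or enc is None or sign >= enc:
        findings.append("response: signature must be ordered before encryption")
    # The consumer's certificate is the one validated against a trust store.
    if not binding["keys"]["initToken"]["trust"]:
        findings.append("initToken: consumer certificate has no trust store")
    return findings
```
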