Configuring a binding for the WS-Security policy

To use the WS-Security policy with your web service clients, you must first configure bindings for the policy.

About this task

Important: Applicable to WebSphere® Application Server traditional

The WS-Security specification includes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. This specification provides protection for a message by encrypting or digitally signing (or both) a message body, headers, attachment, or any combination (or parts) of these elements. The specification also provides a mechanism for associating security tokens with messages.

To configure a binding for the WS-Security policy:

Procedure

  1. In the Client Side Policy Set Attachment wizard, select the WSSecurity policy type in the Bindings Configuration table; then click Configure.
  2. On the Digital Signature (bootstrap) tab:
    1. Under Outbound Message Security Configuration, select the type of information that your key contains and the algorithm that is used to transform your outbound messages that have digital signatures. Use Callback Handler Settings to specify settings for your keystore.
    2. Under Inbound Message Security Configuration, select the algorithm that is used to transform your outbound messages that have digital signatures. Select Callback Handler Settings to specify settings for your keystore. Within this window, select Trust Any Certificate if you want to accept all incoming messages that have digital signatures, without verifying credentials; with this check box selected, any signed message is accepted regardless of the signer's credentials. If you clear this check box, you can specify your keystore settings and optionally specify a certificate in the Certificate Path field.
  3. On the XML Encryption (bootstrap) tab:
    1. Under Outbound Message Security Configuration, select the type of information that your key contains and the algorithm that is used to transform your outbound messages that have digital signatures. Use Callback Handler Settings to specify settings for your keystore. Select Enable MTOM WS-Security Optimization if you want to use the SOAP Message Transmission Optimized Mechanism (MTOM) when you send binary data with your messages. Select Enable Encrypted Header for WS-Security 1.0 if you want to use encrypted SOAP headers in the WS-Security version 1.0 specification format.
    2. Under Inbound Message Security Configuration, use Callback Handler Settings to specify settings for your keystore.
  4. Select Enable Message Expiration if you want to enable expiration of your sent messages. Type the number of minutes after which your sent messages expire in the Message Expiration Interval field. This number must be a positive integer. By default, sent messages remain permanently valid.
  5. Click OK.

What to do next

Note: The window displays read-only information about the token types, callback handlers, and JAAS logins in the binding to help you with specifying the required values.
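
One way to confirm the effect of step 4 on a captured message, as an added example that is not part of the original documentation or the product's own code. It assumes that Enable Message Expiration appears on the wire as a `wsu:Expires` element inside the WS-Security `wsu:Timestamp` header of a SOAP 1.1 message; the function name, status strings and sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# OASIS WS-Security 1.0 namespaces; a SOAP 1.1 envelope is assumed.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}

def _parse_utc(text):
    # xsd:dateTime in UTC, with or without fractional seconds.
    text = text.strip()
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def check_expiration(envelope_xml, expected_minutes, now):
    """Return (status, detail) for the wsu:Timestamp of one captured SOAP message."""
    root = ET.fromstring(envelope_xml)  # use a hardened parser for untrusted XML
    ts = root.find("soap:Header/wsse:Security/wsu:Timestamp", NS)
    if ts is None:
        return ("no-timestamp", "message carries no wsu:Timestamp")
    created = ts.findtext("wsu:Created", namespaces=NS)
    expires = ts.findtext("wsu:Expires", namespaces=NS)
    if expires is None:
        return ("never-expires", "wsu:Expires absent, message stays valid indefinitely")
    if created is None:
        return ("no-created", "wsu:Expires present but wsu:Created missing")
    window = _parse_utc(expires) - _parse_utc(created)
    if window != timedelta(minutes=expected_minutes):
        return ("wrong-window", f"window is {window}, expected {expected_minutes} min")
    if now >= _parse_utc(expires):
        return ("expired", f"expired at {expires}")
    return ("ok", f"valid until {expires}")

def _envelope(timestamp_children):  # builds a constructed sample, not captured traffic
    return (
        f'<soap:Envelope xmlns:soap="{NS["soap"]}" xmlns:wsse="{NS["wsse"]}" xmlns:wsu="{NS["wsu"]}">'
        f"<soap:Header><wsse:Security><wsu:Timestamp>{timestamp_children}</wsu:Timestamp>"
        "</wsse:Security></soap:Header><soap:Body/></soap:Envelope>"
    )

# Constructed samples: a 5-minute expiration interval, and the default (no expiration).
WITH_EXPIRY = _envelope("<wsu:Created>2017-07-17T21:58:00Z</wsu:Created>"
                        "<wsu:Expires>2017-07-17T22:03:00Z</wsu:Expires>")
NO_EXPIRY = _envelope("<wsu:Created>2017-07-17T21:58:00Z</wsu:Created>")

if __name__ == "__main__":
    now = datetime(2017, 7, 17, 22, 0, tzinfo=timezone.utc)
    print(check_expiration(WITH_EXPIRY, 5, now))
    print(check_expiration(NO_EXPIRY, 5, now))
```

A `never-expires` result on a message that should carry an expiration means a captured copy of that message can be replayed at any later time.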
Last updated: July 17, 2017 21:58

File name: tpsui003.html