Web Service Endpoint Alias. Endpoint name, description, and transport type.Web Service Endpoint Alias. Endpoint name, description, and transport type.HTTP/S Transport Properties. Server on which the web service resides.WS Security Properties. Information the SOAP processor needs to decrypt and verify the inbound SOAP request and/or encrypt and sign the outbound SOAP response and the details for adding the timestamp information.Message Addressing Properties. WS-Addressing information that Integration Server uses to generate the WS-Addressing headers of the SOAP requests and responses. This includes the destination address of a message or fault and the authentication credentials required to send a response to a different address than the one from which request was received.Reliable Messaging Properties. Reliable messaging information specific to the web service endpoint. By default, Integration Server applies the reliable messaging configuration defined on the Settings > Web Services > Reliable Messaging > Edit Configuration page to all web service providers and consumers. If you want to override the server-level reliable messaging configuration for a specific web service provider or consumer, define reliable messaging properties for the associated web service endpoint alias.
To create a WS provider web service endpoint alias for use with HTTP/SIn this field | Specify |
Alias | A name for the provider web service endpoint alias. The alias name cannot include the following illegal characters: # ©\ & @ ^ ! % * : $ . / \ \ ` ; , ~ + = ) ( | } { ] [ > < " |
Description | A description for the endpoint alias. |
Type | Provider |
Transport Type | Specify the transport protocol used to access the web service. Select one of the following: HTTPHTTPS |
In this field | Specify |
Host Name or IP Address | Host name or IP address of the Integration Server for which you are creating an alias. If the host Integration Server is fronted by a proxy, specify the host name or IP address of the proxy server. |
Port | An active HTTP or HTTPS listener port defined on the Integration Server specified in the Host Name or IP Address field. If the host Integration Server is fronted by a proxy, specify the port for the proxy server. |
In this field | Specify |
Keystore Alias | Alias of the keystore containing the private key used to decrypt the inbound SOAP request or sign the outbound SOAP response. Important: The provider must have already given the consumer the corresponding public key. |
Key Alias | Alias of the private key used to decrypt the request or sign the response. The key must be in the keystore specified in Keystore Alias. |
In this field | Specify |
Truststore Alias | The alias for the truststore that contains the list of CA certificates that Integration Server uses to validate the trust relationship. |
In this field | Specify |
Timestamp Precision | Whether the timestamp is precise to the second or millisecond. If you set the precision to milliseconds, Integration Server uses the timestamp format yyyy-MM-dd'T'HH:mm:ss:SSS'Z'. If you set the precision to seconds, Integration Server uses the timestamp format yyyy-MM-dd'T'HH:mm:ss'Z'. If you do not select a precision value, Integration Server will use the value specified for the watt.server.ws.security.timestampPrecisionInMilliseconds parameter. |
Timestamp Time to Live | The time-to-live value for the outbound message in seconds. Integration Server uses the Timestamp Time to Live value to set the expiry time in the Timestamp element of outbound messages. The time-to-live value must be an integer greater than 0. If you do not specify a Timestamp Time to Live value, Integration Server will use the value specified for the watt.server.ws.security.timestampTimeToLive parameter. |
Timestamp Maximum Skew | The maximum number of seconds that the web services client and host clocks can differ and still allow timestamp expiry validation to succeed. Specify a positive integer or zero. Integration Server uses the timestamp maximum skew value only when you implement WS-Security via a WS-Policy. Integration Server validates the inbound SOAP message only when the creation timestamp of the message is less than the sum of the timestamp maximum skew value and the current system clock time. If you do not specify a timestamp maximum skew value, Integration Server will use the value specified for the watt.server.ws.security.timestampMaximumSkew parameter. |
Username Token TTL | This is the permitted time difference, in seconds, between the time when the UsernameToken was created (as provided in the wsu:Created element) and the time when it reaches the server. Requests that exceed this limit are rejected by the server. The default value is 300. |
Username Token Future TTL | It is possible that the wsu:Created element has a timestamp that is in the future. The server considers such requests as valid If the time at which the request was created does not exceed the time at which it reaches the server by the value (in seconds) given in this setting. The default value is 60. |
In this field | Specify | |
JAAS Context | The custom JAAS context used for Kerberos authentication. In the following example, JAAS Context is WS_KERBEROS_INBOUND: WS_KERBEROS_INBOUND { com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true storeKey=true isInitiator=false debug=true; }; The is_jaas.cnf file distributed with Integration Server includes a JAAS context named IS_KERBEROS_INBOUND that can be used with inbound requests. | |
Principal | The name of the principal to use for Kerberos authentication. | |
Principal Password | The password for the principal that is used to authenticate the principal to the KDC. Specify the principal password if you do not want to use the keytab file that contains the principals and their passwords for authorization. The passwords may be encrypted using different encryption algorithms. If the JAAS login context contains useKeyTab=false, you must specify the principal password. | |
Retype Principal Password | The above principal password. | |
Service Principal Name Format | Select the format in which you want to specify the principal name of the service that is registered with the principal database. | |
Select | To | |
host-based | Represent the principal name using the service name and the hostname, where hostname is the host computer. This is the default. | |
username | Represent the principal name as a named user defined in the LDAP or central user directory used for authentication to the KDC. | |
Service Principal Name | The name of the principal for the service that the Kerberos client wants to access. This can be obtained from the WSDL document published by the provider of the Kerberos service. Specify the Service Principal Name in the following format: principal-name.instance-name@realm-name | |
In this field | Specify | |
To | URI of the destination of the SOAP message. In the Reference Parameters field, specify additional parameters, if any, that correspond to <wsa:ReferenceParameters> properties of the endpoint reference to which the message is addressed. Optionally, you can specify metadata (such as WSDL or WS-Policy) about the service in the Metadata Elements field. You can also specify Extensible Elements, which are elements other than those specified as part of the Metadata and Reference Parameters. You can specify more than one reference parameter, metadata element, or extensible element. Click the ‘+’ icon to add more rows and the ‘x’ icon to delete the rows. | |
Response Map | Address to which the provider will send the reply or fault message and the corresponding message addressing alias. Integration Server retrieves the authentication details needed to send the response from the message addressing alias mapped to the address. In the Address field, specify the URI to which the provider will send the reply or the fault message. From the Message Addressing Alias list, select the message addressing endpoint alias from which Integration Server will retrieve the authentication details. Integration Server uses the authentication details to send the response to the ReplyTo or FaultTo endpoints. Click the ‘+’ icon to add more rows and the ‘x’ icon to delete the rows. | |
In this field | Specify | |
Retransmission Interval | The time interval (in milliseconds) for which a reliable messaging source waits for an acknowledgment from the reliable messaging destination before retransmitting the SOAP message. The default is 6000 milliseconds. | |
Acknowledgement Interval | The time interval (in milliseconds) for which the reliable messaging destination waits before sending an acknowledgment for a message sequence. Messages of the same sequence received within the specified acknowledgment interval are acknowledged in one batch. If there are no other messages to be sent to the acknowledgment endpoint within the time specified as the acknowledgment interval, the acknowledgment is sent as a stand-alone message. The default is 3000 milliseconds. | |
Exponential Backoff | Whether to use the exponential backoff algorithm to adjust the retransmission interval of unacknowledged messages. Adjusting the time interval between retransmission attempts ensures that a reliable messaging destination does not get flooded with a large number of retransmitted messages. | |
Select | To | |
true | Increase the successive retransmission intervals exponentially, based on the specified retransmission interval. For example, if the specified retransmission interval is 2 seconds, and the exponential backoff value is set to true, successive retransmission intervals will be 2, 4, 8, 16, 32, and so on if messages continue to be unacknowledged. This is the default. | |
false | Use the same time interval specified in the Retransmission Interval field for all retransmissions. | |
Maximum Retransmission Count | The number of times the reliable messaging source must retransmit a message if an acknowledgement is not received from the reliable messaging destination. To specify that there is no limit to the number of retransmission attempts, set the value of Maximum Retransmission Count to -1. The default is 10. | |