Configuring Web Service Security

Designer 10.15 | Web Services Stack Help | Configuring Advanced Policy Settings | Configuring Web Service Security

To configure WS-Security

1. In Designer, double-click a Web service package to open it.

2. Select the Services or Operations tab, depending on which one you want to configure.

3. Select Enable WS-Security

The Security opens and the Enable WS-Addressing option, the HTTPS transport, Transport-level Security with SSL and Username Token Assertion are automatically enabled.

4. In the Security area, you can select one of the four Security Bindings:

No Binding - when selected, you can disable the Enable WS-Addressing option.

Transport-level Security with SSL

Message-level Security with Symmetric Binding

Message-level Security with Asymmetric Binding

Depending on the security binding you selected, continue with the relevant options below.

5. Configure the options in the Message-level Security Options area.

Option	Description
Encrypt Body	Enables encryption (EncryptedParts assertion) over the entire body content.
Sign Body	Enables integrity protection (SignedParts assertion) over the entire body content.
Sign entire Headers and Body	Enables signature over the headers and body content (OnlySignEntireHeadersAndBody policy assertion.

6. Configure the options in the Token Assertions area.

Option	Description
User Name Token	Enables the UsernameToken assertion to secure the messages sent to the client.
Secure Conversation	Enables the SecureConversationToken assertion Language (WS-SecureConversation). WS-SecureConversation provides means for creating and sharing security contexts rather than relying only on the message authentication model.

7. Other Security Options

Option	Description
Include Timestamp	Enables the usage of the IncludeTimestamp policy assertion.
Use Client Certificate	Enables the usage of client certificates to encrypt the transferred data (RequireClientCertificate policy assertion). Note: This option is only available when you configure transport-level security with SSL.

8. In case of Message-level Security you can specify the following:

XPath expressions to encrypt (EncryptedElements or ContentEncryptedElements assertion) and/or sign (SignedElements assertion) parts of the message.

Headers to be encrypted (EncryptedParts assertion) and/or signed (SignedParts assertion).

Configure the options in the Security Model Configuration (Apache Rampart see http://axis.apache.org/axis2/java/rampart/rampartconfig-guide.html) area.

Option	Description
User	Specifies the user name used. For details see "Client-Side Configuration" in the Web Services Stack documentation.
UsernameToken Validator Class	Callback Class providing the password used to create the UsernameToken for the desired user.
Password Validator Class	Callback Class providing the password to sign the message or to create the UsernameToken (for the details of the predefined callback classes see "Implementation of Password Callback Handlers in the Web Services Stack documentation).
Policy Validator Callback Class	Callback Class providing the password for Custom validators (for the details of the predefined callback classes see "Implementations of Policy Validation Callbacks" in the Web Services Stack documentation).

Optionally, you can add and use your own, user-defined password callback classes, user-defined policy validator callback classes that you added in the preferences settings of Designer. For more information, see Configuring Web Services Stack Preferences.

In the Encryption and Signing areas below you can configure the corresponding keystore and truststore.

Option	Description
Certificate Alias	The user name used for encryption (ENCRYPTION_USER) or for signature (USER_CERTIFICATE_ALIAS).
Keystore	Specifies the path to keystore file for encryption or for signature.
Keystore Password	Specifies the password for the keystore file.
Truststore	Specifies the path to truststore file for encryption or for signature.

9. Save your changes.

For more information see the separate Web Services Stack documentation, also available under http://documentation.softwareag.com > webMethods Product Line > Shared Components.