Integration Server 10.15 | Web Services Developer’s Guide | Working with Web Service Connectors | Passing Message-Level Security Information to a Web Service Connector
 
Passing Message-Level Security Information to a Web Service Connector
When using WS-Security to secure a web service, you can pass security information directly into a web service connector (WSC). At run-time, Integration Server uses the information to build the WS-Security header and the SOAP message request.
For more information about securing a web service, see Securing Web Services (WS-Security). For more information about how Integration Server obtains the security information it uses, see WS-Security Certificate and Key Requirements.
*To pass security information into a web service connector
1. In Package Navigator view, open and lock the service that invokes the web service connector.
2. If the SOAP message request requires credentials for a UsernameToken, do the following in the pipeline for the web service connector:
a. Map or set the value of auth/message/user to the user name used to authenticate the consumer client on the web services host.
b. Map or set the value of auth/message/pass to the password used to authenticate the consumer client on the web services host.
3. If the SOAP message request needs to be signed, set the following fields in the web service connector:
In this field...
Specify
auth/message/serverCerts/keyStoreAlias
Alias to the keystore that contains the private key used to sign outbound SOAP requests.
auth/message/serverCerts/keyAlias
Alias to the private key used to sign and/or include X.509 authentication token for outbound SOAP messages and/or decrypt inbound SOAP responses. The key must be in the keystore specified in auth/message/serverCerts/keyStoreAlias.
Note:
The method you use to fetch these credentials depends upon their location at your site. If they are stored in the file system, you can retrieve them using the pub.file:getFile service. If they are stored in a special repository or a DBMS, you may need a custom service for their retrieval.
4. If the SOAP message request requires encryption, set the following field:
In this field...
Specify
auth/message/partnerCert
The path and file name of the provider’s certificate, which contains its public key.
5. If the SOAP message response needs to be verified, do the following:
In this field...
Specify
auth/message/partnerCert
The path and file name of the provider’s certificate, which contains its public key.
6. If the SOAP message must be decrypted, do the following:
In this field...
Specify
auth/message/serverCerts/keyStoreAlias
Alias to the keystore that contains the private key that the consumer will use to decrypt the SOAP response.
auth/message/serverCerts/keyAlias
Alias to the private key used to decrypt inbound SOAP responses. The key must be in the keystore specified in auth/message/serverCerts/keyStoreAlias.