Passing Message-Level Security Information to a Web Service Connector
When using WS-Security to secure a web service, you can pass security information directly into a web service connector (WSC). At run-time, Integration Server uses the information to build the WS-Security header and the SOAP message request.
For more information about securing a web service, see Securing Web Services (WS-Security). For more information about how Integration Server obtains the security information it uses, see WS-Security Certificate and Key Requirements.
To pass security information into a web service connector
1. In Package Navigator view, open and lock the service that invokes the web service connector.
2. If the SOAP message request requires credentials for a UsernameToken, do the following in the pipeline for the web service connector:
a. Map or set the value of auth/message/user to the user name used to authenticate the consumer client on the web services host.
b. Map or set the value of auth/message/pass to the password used to authenticate the consumer client on the web services host.
3. If the SOAP message request needs to be signed, set the following fields in the web service connector:
In this field... | Specify |
auth/message/serverCerts/keyStoreAlias | Alias to the keystore that contains the private key used to sign outbound SOAP requests. |
auth/message/serverCerts/keyAlias | Alias to the private key used to sign outbound SOAP messages, to include an X.509 authentication token in them, and/or to decrypt inbound SOAP responses. The key must be in the keystore specified in auth/message/serverCerts/keyStoreAlias. |
Note:
The method you use to fetch these credentials depends upon their location at your site. If they are stored in the file system, you can retrieve them using the pub.file:getFile service. If they are stored in a special repository or a DBMS, you may need a custom service for their retrieval.
4. If the SOAP message request requires encryption, set the following field:
In this field... | Specify |
auth/message/partnerCert | The path and file name of the provider’s certificate, which contains its public key. |
5. If the SOAP message response needs to be verified, set the following field:
In this field... | Specify |
auth/message/partnerCert | The path and file name of the provider’s certificate, which contains its public key. |
6. If the SOAP message response must be decrypted, set the following fields:
In this field... | Specify |
auth/message/serverCerts/keyStoreAlias | Alias to the keystore that contains the private key that the consumer will use to decrypt the SOAP response. |
auth/message/serverCerts/keyAlias | Alias to the private key used to decrypt inbound SOAP responses. The key must be in the keystore specified in auth/message/serverCerts/keyStoreAlias. |
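
The following pre-flight check is an added example, not part of the product documentation or of Integration Server. It models the connector pipeline as a nested Python dictionary (an assumption; Integration Server uses its own document type) and uses hypothetical action names for steps 2 through 6 to report auth/message fields that were left unmapped before the connector is invoked.

```python
# Added example (not vendor code). The pipeline is modelled as a nested dict;
# the action names are hypothetical labels for steps 2-6 of the procedure.
KEYSTORE = "auth/message/serverCerts/keyStoreAlias"
KEY = "auth/message/serverCerts/keyAlias"
PARTNER_CERT = "auth/message/partnerCert"

REQUIRED = {
    "username_token": ["auth/message/user", "auth/message/pass"],  # step 2
    "sign_request": [KEYSTORE, KEY],                               # step 3
    "encrypt_request": [PARTNER_CERT],                             # step 4
    "verify_response": [PARTNER_CERT],                             # step 5
    "decrypt_response": [KEYSTORE, KEY],                           # step 6
}


def get_field(pipeline, path):
    """Walk a slash-separated path; return None if any level is absent."""
    node = pipeline
    for part in path.split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_pipeline(pipeline, actions):
    """Return the problems that would leave a requested action unconfigured."""
    problems = []
    for action in actions:
        if action not in REQUIRED:
            raise ValueError(f"unknown action: {action}")
        for path in REQUIRED[action]:
            value = get_field(pipeline, path)
            if not isinstance(value, str) or not value.strip():
                problems.append(f"{action}: {path} is missing or empty")
    # The key alias is looked up inside the named keystore, so a key alias
    # without a keystore alias cannot identify a private key.
    if get_field(pipeline, KEY) and not get_field(pipeline, KEYSTORE):
        problems.append(f"{KEY} is set but {KEYSTORE} is not")
    return problems


# Constructed sample: signing is requested but the keystore alias was never mapped.
SAMPLE = {"auth": {"message": {"user": "svc_consumer", "pass": "example-only",
                               "serverCerts": {"keyAlias": "signingKey"}}}}

if __name__ == "__main__":
    for problem in check_pipeline(SAMPLE, ["username_token", "sign_request"]):
        print(problem)
```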