Web Service Provider: Request (Inbound Security) Detailed Usage and Resolution Order
Keep the following information in mind when reviewing the table below:
* The table refers to keystore and key aliases for the Signing Key, the Decryption Key, and the SSL Key. You can configure these keystore and key aliases on the Security > Certificates page of the Integration Server Administrator.
* The usage order applies to all attributes of a policy assertion except where otherwise specified. If a policy assertion is not specified, then certificate and key resolution order is not applicable.

| Security Action | Options | Usage/Resolution Order |
|---|---|---|
| UsernameToken | WS Security Header | User Name and Password |
| Signature Verification | 1. WS Security Header | Public key included in the header |
| | 2. Certificate Mapping | Public key (certificate) associated with resolved user and Usage (in the order listed) for one of: Verify, VerifyAndEncrypt, SSL |
| Validate signing certificate | 1. Endpoint Alias | WS Security Properties/Truststore |
| | 2. Listener (Port) Settings | Listener Specific Credentials/Truststore Alias |
| | 3. Server Settings | Truststore/Truststore Alias |
| Authenticate with signing certificate | Certificate Mapping | User associated with signed certificate (public key) and Usage of one of the following: MessageAuth, Verify, VerifyAndEncrypt, SSL |
| Decryption | 1. Endpoint Alias | WS Security Properties/Keystore Alias, WS Security Properties/Key Alias |
| | 2. Listener (Port) Settings | Listener Specific Credentials/Keystore Alias, Listener Specific Credentials/Key Alias |
| | 3. Server Settings | Decryption Key/Keystore Alias, Decryption Key/Key Alias |
| | 4. Server Settings | SSL Key/Keystore Alias, SSL Key/Key Alias |
| X.509 Authentication | Certificate Mapping | User associated with signed certificate (public key) and Usage of one of the following: MessageAuth, Verify, VerifyAndEncrypt, SSL |
| Validate certificate | 1. Endpoint Alias | WS Security Properties/Truststore |
| | 2. Listener (Port) Settings | Listener Specific Credentials/Truststore Alias |
| | 3. Server Settings | Truststore/Truststore Alias |
| SAML Authentication (see Note) | Certificate Mapping | User associated with the sender certificate (public key) and Usage of one of the following: MessageAuth, Verify, VerifyAndEncrypt, SSL |
| Validate Security Token Service (STS) certificate | 1. Endpoint Alias | WS Security Properties/Truststore |
| | 2. Listener (Port) Settings | Listener Specific Credentials/Truststore Alias |
| | 3. Server Settings | Truststore/Truststore Alias |

Note:
You can only use SAML authentication when using WS-SecurityPolicy. The WS-Security facility does not support SAML authentication.
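
The following sketch is an added example, not Software AG code. It models the resolution order from the table above for decryption keys, truststores and signature-verification certificates, so an administrator can see which configuration level actually supplies the key for an inbound request. The dictionary layout, the alias names, and the rule that a level is skipped unless both keystore alias and key alias are set are assumptions made for this illustration.

```python
# Added example: models the inbound resolution order from the table above.
# Dict layout and alias names are constructed; not an Integration Server API.
DECRYPTION_ORDER = [  # (level reported, config scope, section)
    ("Endpoint Alias", "endpoint", "ws_security"),
    ("Listener (Port) Settings", "listener", "credentials"),
    ("Server Settings: Decryption Key", "server", "decryption_key"),
    ("Server Settings: SSL Key", "server", "ssl_key"),
]
TRUSTSTORE_ORDER = [
    ("Endpoint Alias", "endpoint", "ws_security"),
    ("Listener (Port) Settings", "listener", "credentials"),
    ("Server Settings", "server", "truststore"),
]
SIG_VERIFY_USAGE_ORDER = ["Verify", "VerifyAndEncrypt", "SSL"]

def _section(config, scope, name):
    """Return the named section, or {} when the scope or section is absent."""
    return (config.get(scope) or {}).get(name) or {}

def resolve_decryption_key(config):
    """First level with both aliases set (assumption: partial levels are skipped)."""
    for level, scope, name in DECRYPTION_ORDER:
        sec = _section(config, scope, name)
        if sec.get("keystore_alias") and sec.get("key_alias"):
            return level, sec["keystore_alias"], sec["key_alias"]
    return None

def resolve_truststore(config):
    """First level that names a truststore alias."""
    for level, scope, name in TRUSTSTORE_ORDER:
        alias = _section(config, scope, name).get("truststore_alias")
        if alias:
            return level, alias
    return None

def resolve_verification_cert(header_cert, user_mappings):
    """Header key wins; otherwise the resolved user's mapping, by Usage order."""
    if header_cert:
        return "WS Security Header", header_cert
    for usage in SIG_VERIFY_USAGE_ORDER:
        if user_mappings.get(usage):
            return f"Certificate Mapping ({usage})", user_mappings[usage]
    return None

# Constructed sample: the endpoint alias names a keystore but no key alias.
SAMPLE = {
    "endpoint": {"ws_security": {"keystore_alias": "epKS", "key_alias": None}},
    "listener": {"credentials": {"truststore_alias": "portTrust"}},
    "server": {"ssl_key": {"keystore_alias": "srvKS", "key_alias": "sslKey"},
               "truststore": {"truststore_alias": "srvTrust"}},
}
```

With the constructed sample, decryption resolves at the fourth step (the SSL key) and the truststore at the listener level, which is the kind of fallback worth confirming when an endpoint alias is only partly configured.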