X509Authentication
The X509Authentication policy uses X.509 certificates to provide client authentication and includes a Timestamp token to guard against replay attacks. This policy does not enforce signatures or encryption.
| When the policy is attached to: | Message type | To enforce the policy, Integration Server... |
| --- | --- | --- |
| Consumer web service descriptor | outbound request | Adds a signed Timestamp token to the security header. Integration Server determines the timestamp expiration date from the WS Security Properties of the endpoint alias or from the watt.server.ws.security server configuration parameters. For more information, see webMethods Integration Server Administrator’s Guide. Integration Server signs the Timestamp token using its private key. |
| | inbound response | Requires a signed Timestamp token, which Integration Server validates to guard against replay attacks. |
| Provider web service descriptor | inbound request | Requires an X509 token in the security header. Integration Server authenticates the sender of the inbound request using the X.509 certificate from the security header of the inbound request. |
| | outbound response | Adds a signed Timestamp token to the security header. Integration Server determines the timestamp expiration date from the WS Security Properties of the endpoint alias or from the watt.server.ws.security server configuration parameters. For more information, see webMethods Integration Server Administrator’s Guide. Integration Server signs the Timestamp token using its private key. |
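
The freshness check that makes a Timestamp token useful against replay, as an added example (not Integration Server code): it reads the `wsu:Timestamp` from a WS-Security header and rejects messages that are expired, post-dated, or valid for too long. The function names and the `max_skew` and `max_ttl` limits are assumptions for illustration, and verifying the signature over the Timestamp is a separate step not shown here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"wsse": WSSE, "wsu": WSU}

# Constructed sample message (not captured from a real server).
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{wsse}" xmlns:wsu="{wsu}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="TS-1">
   <wsu:Created>2024-05-01T12:00:00Z</wsu:Created>
   <wsu:Expires>2024-05-01T12:05:00Z</wsu:Expires>
  </wsu:Timestamp>
 </wsse:Security></soap:Header><soap:Body/>
</soap:Envelope>""".format(wsse=WSSE, wsu=WSU)

def parse_utc(text):
    # Accept the UTC "Z" form and refuse values that carry no time zone.
    dt = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError("timestamp without time zone")
    return dt.astimezone(timezone.utc)

def check_timestamp(envelope_xml, now, max_skew=timedelta(seconds=60),
                    max_ttl=timedelta(minutes=5)):
    # Hypothetical limits: max_skew tolerates clock drift, max_ttl caps the
    # validity window. Use a hardened XML parser for untrusted input.
    root = ET.fromstring(envelope_xml)
    stamps = root.findall(".//wsse:Security/wsu:Timestamp", NS)
    if len(stamps) != 1:
        return "reject: expected exactly one Timestamp"
    created_el = stamps[0].find("wsu:Created", NS)
    expires_el = stamps[0].find("wsu:Expires", NS)
    if created_el is None or expires_el is None:
        return "reject: Created and Expires are both required"
    try:
        created = parse_utc(created_el.text or "")
        expires = parse_utc(expires_el.text or "")
    except ValueError:
        return "reject: malformed timestamp"
    if created > now + max_skew:
        return "reject: Created is in the future"
    if expires <= now - max_skew:
        return "reject: expired"
    if expires - created > max_ttl:
        return "reject: validity window too long"
    return "accept"
```

A long validity window widens the period in which a captured message can be replayed, which is why the example caps it rather than trusting the sender's `Expires` value.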