About the Security Elements
Use the elements in the security folder to:
Control which client certificates are sent to other services.
Digitally sign data.
Process digital signatures.
Store and retrieve outbound passwords to access secure resources.
Manage Integration Server keystores and truststores.
Secure XML documents.
The services pub.security.keystore:setKeyAndChain, pub.security:setKeyAndChainFromBytes, and pub.security:clearKeyAndChain are used to control which client certificate the webMethods Integration Server presents to remote servers. You need to use these services to switch between certificates and certificate chains if you are not using aliases for remote servers. For more information about aliases for remote servers, see the section Setting Up a Remote Server Alias in the webMethods Integration Server Administrator’s Guide.
The pub.security.outboundPasswords services support the use of encrypted outbound passwords to access secure resources. You may wish to have a flow service access a secure resource such as a remote Integration Server, proxy server, or database. The service would need to provide a valid password to access the resource. The pub.security.outboundPasswords services allow a flow service to store passwords in and retrieve passwords from the Integration Server's outbound password store. The outbound password store is an encrypted store of passwords managed by the Integration Server. For more information about the outbound password store, see the section Working with Outbound Password Settings in the webMethods Integration Server Administrator’s Guide.
The pub.security.keystore services allow you to configure Integration Server SSL through access to its keys and associated certificates. These keys and certificates are now stored securely in industry-standard keystore and truststore files. For more information about Integration Server keystores and truststores, see the section Keystores and Truststores in the webMethods Integration Server Administrator’s Guide.
The pub.security.xml services are based on the Apache Security APIs. These services support encryption and digital signing of outbound XML documents from Integration Server, and decryption and signature verification of inbound XML from partner applications. The services provide the most commonly-used XML security options, including:
Signing/encrypting the entire XML document or the content of specific nodes
Selection of the signing and encryption algorithms
Use of enveloping and enveloped signatures
Important: Software AG recommends that you drop variables containing sensitive data from the pipeline once the data is no longer needed by the flow service. Sensitive data includes, but is not limited to, passwords, private keys, and pass phrases. The pipeline stores data in clear text. Because the entire output pipeline is returned to the calling client, avoid leaving variables containing sensitive data in the pipeline. This prevents the service from returning sensitive data to the calling client.
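The following added example is not Software AG code and does not run on Integration Server. It is a simplified Python model of the pipeline behavior described in the note above: a flow that returns its secrets to the caller, the same flow with a drop step, and a check that finds leftover sensitive variables, including ones nested inside documents. All function names, variable names, sample values, and the name pattern are assumptions made for illustration.

```python
# Simplified model (not Integration Server code): the pipeline is one dict
# shared by every step, and the whole dict is returned to the caller.
import re

# Assumed naming convention for sensitive variables; adjust to your own.
SENSITIVE = re.compile(r"pass(word|phrase)?|private_?key|secret", re.I)

def find_sensitive(doc, path=""):
    """Return paths of sensitive-looking variables, including nested documents."""
    hits = []
    if isinstance(doc, dict):
        for key, value in doc.items():
            here = f"{path}/{key}"
            if SENSITIVE.search(key):
                hits.append(here)
            hits += find_sensitive(value, here)
    elif isinstance(doc, list):
        for i, item in enumerate(doc):
            hits += find_sensitive(item, f"{path}[{i}]")
    return sorted(hits)

def fetch_credentials(pipeline):
    # Stands in for a password-store lookup; the values are constructed.
    pipeline["dbPassword"] = "constructed-example-value"
    pipeline["connection"] = {"user": "svc_orders", "keyPassphrase": "constructed"}

def query_orders(pipeline):
    # The only step that needs the secret; it fails if the secret is missing.
    if not pipeline.get("dbPassword"):
        raise KeyError("dbPassword")
    pipeline["orders"] = [{"id": 1}, {"id": 2}]

def drop(pipeline, *names):
    # Models dropping variables once no later step needs them.
    for name in names:
        pipeline.pop(name, None)

def leaky_flow(pipeline):
    fetch_credentials(pipeline)
    query_orders(pipeline)
    return pipeline  # secrets are still in the output pipeline

def hardened_flow(pipeline):
    fetch_credentials(pipeline)
    query_orders(pipeline)
    drop(pipeline, "dbPassword", "connection")
    return pipeline
```

Running find_sensitive over the output of a service in a test harness flags variables that should have been dropped before the pipeline is returned to the client.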
The pub.security services provide PGP-based encryption, decryption, signing, and verification.